agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md for agent-browser explicitly instructs the agent to navigate, scrape, and interact with arbitrary websites (e.g., "open a website", "scrape data from a page", "fill out a form"), so the skill fetches and reads untrusted public web content that can directly influence agent actions and enable indirect prompt injection.