agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate arbitrary URLs via "agent-browser open " and then snapshot/get text/find/click page elements (e.g., snapshot -i, get text, find text "Sign In"), which means the agent fetches and interprets untrusted third‑party web content as part of its workflow and can act on instructions embedded in those pages.