agent-browser-ios

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly includes navigating to arbitrary URLs (e.g., the "open " / "open https://app.example.com" step) and inspecting/acting on WebView content via commands like snapshot -i, get text, and find role ... click, which means the agent will fetch and interpret untrusted public web content that can influence subsequent actions.