agent-browser-visual

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main workflow (SKILL.md) explicitly instructs the agent to open arbitrary URLs (e.g., "agent-browser open ", "agent-browser diff url ...") and to "snapshot -i # explore first, plan your actions", which means the agent fetches and interprets untrusted public web pages/DOM as part of its decision/action flow, allowing third-party content to influence behavior.