cmux-help

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documented browser automation workflow (SKILL.md "Browser — 핵심 루프" and references/browser.md) explicitly instructs the agent to open arbitrary URLs (cmux browser open ), snapshot/inspect page DOM (snapshot --interactive, get html/body, eval, find text), and then perform actions (click, fill, goto), meaning untrusted public web content can be fetched and can directly influence subsequent actions.