browser-form-fill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill opens recorded browser sessions and calls browser_snapshot/browser-record to ingest accessibility snapshots from arbitrary public websites and then interprets page labels/selectors to drive browser_fill/browser_click actions, so untrusted third‑party page content can influence agent behavior.