skyvern-browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to create cloud sessions and fetch/inspect arbitrary public sites (e.g., "skyvern browser extract --prompt ..." and "skyvern browser run-task --url 'https://example.com'"), meaning it ingests untrusted third‑party web content and uses that content to drive actions and decisions within the workflow.