download-webpage-as-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged because SKILL.md explicitly instructs the agent to fetch arbitrary external webpages via "agent-browser open " and then to consume/inspect that page (and the generated PDF via the Read tool) so untrusted, public web content is ingested and can materially influence subsequent actions like trusting, trimming, or further processing the document.