browserbase-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's documentation and workflow (e.g., SKILL.md and references/stagehand.md) explicitly show Stagehand/Page APIs visiting arbitrary public sites (page.goto('https://news.ycombinator.com')) and using page.act, page.extract, and agent.execute to read and act on webpage content, meaning untrusted, user-generated third‑party pages can be interpreted and directly influence agent actions.