browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill launches AI-driven browsers to navigate arbitrary public websites (e.g., the SKILL.md examples instruct the agent to "Search for the top Hacker News post" and "Go to linkedin.com" and says "the agent will open a browser and complete it"), meaning it fetches and interprets untrusted, user-generated web content as part of its workflow and that content can influence subsequent actions.