run-agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a browser against arbitrary URLs and ingests page content for decision-making (e.g., SKILL.md and commands like "agent-browser open ", snapshot/get/eval workflows) and helper script scripts/inspect-page.sh which open user-supplied URLs, so untrusted third‑party pages can be read and used to influence agent actions.