Indirect prompt injection attacks let websites embed hidden instructions. AI browsers execute the hidden instructions as user commands. Vulnerabilities could give attackers access to banking, email, ...