A demonstrated context-manipulation attack shows how agentic browsers can be nudged past guardrails, turning untrusted page content into a path toward sensitive credential disclosure.