web-browser
Fail
Audited by Snyk on Apr 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs agents to extract and preserve full URLs (including session-related parameters like tokens) and to construct curl/HTTP calls with those URLs, which can force the LLM to include sensitive session tokens or other secrets verbatim in generated commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's CDP browser and proxy explicitly open and navigate arbitrary public URLs and execute JS to read/parse DOM (see SKILL.md "浏览器 CDP" and the Proxy API in references/cdp-api.md with endpoints like /new, /navigate, /eval, plus README examples such as "读一下这个页面:[URL]"), so untrusted third-party web content is ingested and can steer subsequent agent actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata