dev-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's examples and supported actions (e.g., browser_script/findAndFill with "text": "secret123" or "mypassword") demonstrate and enable embedding plaintext credentials directly into generated action payloads, which would require the LLM to handle and output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and tools (SKILL.md's browser_script, browser_batch_actions, browser_evaluate, snapshots, etc.) plus the included references/scraping.md explicitly instruct capturing/replaying requests and extracting responses from public sites (e.g., example.com/profile, "UserTweets"//api endpoints) — i.e., it fetches and ingests untrusted, user-generated third-party web content and uses that content to drive extraction and follow-up actions.