web-browse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and documents passing credentials as literal CLI arguments and form values (e.g., fill "#password" secretpass and login --pass ), which requires the agent to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill headlessly navigates to arbitrary public URLs and returns/uses page content (see SKILL.md actions like goto/snapshot/read/evaluate and macros like extract/paginate which ingest and extract text from web pages), so it clearly fetches untrusted third-party/user-generated content that can influence subsequent actions.