agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples that embed plaintext passwords/tokens and a command to set headers with a token (e.g., fill "#password" "testpass123", agent-browser set headers '{"Auth": "token"}'), which instructs including secret values verbatim in commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's commands (e.g., "agent-browser open ", the Web Scraping section, and output/inspection commands like "get text", "get html", "snapshot", and "eval") allow the agent to fetch and read arbitrary public web pages and user-generated content, exposing it to untrusted third-party content that could carry indirect prompt injection.