agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple commands and examples that embed credentials and secret values directly in CLI arguments and command outputs (e.g., fill @e2 "password123", agent-browser set credentials user pass, set headers '{"X-Key":"v"}', cookies set name value), which would require the LLM to include secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md shows the agent can navigate to arbitrary URLs with "agent-browser open " and ingest page content via "agent-browser snapshot -i", "get text/html", and "eval"—so it clearly fetches untrusted, user-generated web content and uses that content to drive interactions and decisions.