web-browse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and actions (e.g., login --user <username> --pass <password> and fill "#password" secretpass) require embedding passwords/API credentials directly in CLI commands or form-fill values, forcing the LLM to output secret values verbatim and creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary URLs and ingests public web pages (see "goto
• Navigate to URL" and workflow examples) and returns page content via snapshot/read/evaluate (notably "read" returns element text wrapped in [PAGE_CONTENT: ...] and extract/paginate operate over page content), and those outputs are used to decide clicks, form fills, pagination, and extraction—so untrusted third-party page content can materially influence the agent's subsequent actions.