web-browse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill's CLI actions and examples (e.g., login --user --pass , fill "#password" secretpass) explicitly show passing plaintext credentials as command arguments or form values, which requires the LLM to include secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary URLs and ingests public web pages (see "goto
• Navigate to URL" and workflow examples) and returns page content via snapshot/read/evaluate (notably "read" returns element text wrapped in [PAGE_CONTENT: ...] and extract/paginate operate over page content), and those outputs are used to decide clicks, form fills, pagination, and extraction—so untrusted third-party page content can materially influence the agent's subsequent actions.