browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to "fill in email and password" when automating login flows, which typically requires the agent to include secret credentials verbatim in its generated browser actions unless a secure secret-injection mechanism is used, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly supports navigating to URLs and inspecting page content (see "Navigate to URLs" in Capabilities and the Accessibility Audit/Browser Test workflows that "navigate to page" and "check accessibility"), so it ingests and interprets third-party web pages (potentially untrusted/user-generated) as part of its workflow.