browser-automation-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and instructions show inserting plaintext secrets (e.g., passwords) directly into agent-browser commands and JS execSync calls (e.g., agent-browser fill @e3 "password123"), which requires the LLM to include secret values verbatim in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to open arbitrary URLs with "agent-browser open ", take snapshots, and extract page text/HTML (see "browser_open_and_snapshot" and "browser_capture" sections and the "Agent prompt"), so it ingests untrusted public web content that can influence subsequent interactions.