browser-tools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The tool explicitly exposes browser cookies and can load the user's profile (cookies/logins), so the agent may receive session tokens or credentials that could be reproduced verbatim in outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill autonomously navigates to and ingests content from arbitrary public websites (e.g., browser-content.js extracts readable content from any URL, browser-nav.js opens arbitrary URLs, browser-hn-scraper.js fetches Hacker News, and browser-eval.js runs page JS), so untrusted third‑party/user‑generated content can influence the agent's actions and decisions.