browser-tools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The tool explicitly exposes browser cookies and can load the user's profile (cookies/logins), so the agent may receive session tokens or credentials that could be reproduced verbatim in outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and extracts content from arbitrary public URLs (browser-nav.js and browser-content.js) and scrapes user-generated posts from Hacker News (browser-hn-scraper.js), so untrusted third‑party page content is read and can influence subsequent agent actions.