browser-use

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and commands that pass API keys, cookies, and passwords directly as command-line arguments or input (e.g., browser-use cloud login <api-key>, cookies set <name> <value>, and chaining input ... "password"), which requires the agent to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary web pages and interacts with their content (e.g., "browser-use open " plus commands like browser-use state, get html, get text, and eval in SKILL.md), so the agent will fetch and read untrusted/public third-party pages whose content could influence subsequent actions.