agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and commands (e.g., fill @e4 "password123") demonstrate embedding plaintext passwords directly into agent-browser commands, which requires the LLM to handle and reproduce secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary public URLs and retrieves page content (e.g., "agent-browser open " and the AI Snapshot Workflow in SKILL.md and references/ai-snapshot-workflow.md), then parses snapshot/get text/get html/eval output and uses those results to decide clicks/fills/navigation, so untrusted third‑party pages can materially influence agent actions.