smooth-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes insecure patterns (e.g., instructing use of smooth config --api-key <api-key> and examples where credentials/metadata are embedded in commands/prompts or used to log in), which can require the LLM to include secret values verbatim in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs the agent to navigate and scrape arbitrary public sites and social forums (e.g., "Go to the LocalLLM subreddit" and the --url example "https://news.ycombinator.com"), so the agent will fetch and interpret untrusted, user-generated third-party content that can influence its actions.