Browser Automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes literal plaintext credentials (e.g., 'securepass', 'Test123!') and instructs filling password fields with them, which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Data Extraction" and "Web Scraping" (notably the scraping_workflow that navigates to external sites like "https://news.example.com", extract_all, and paginate) instructs the agent to fetch and ingest public web page content which the agent reads and uses to drive outputs and next actions, exposing it to untrusted third-party content.