Browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes examples and required CLI patterns that pass plaintext credentials directly in commands (e.g., playwright-cli fill e15 "password123" / prompts like "Type 'password' into the password field"), which would force the LLM to emit secret values verbatim if real credentials are supplied.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and ingests arbitrary public URLs (e.g., via bunx/playwright and curl in Tier 1 and the Automate workflow) and spawns BrowserAgent/UIReviewer tasks that read snapshots and decide what to click/type next (see Tier 2, Recipes/SummarizePage.md, Workflows/Automate.md and Workflows/ReviewStories.md which even reference public story files like Stories/HackerNews.yaml), so untrusted third‑party page content can materially influence agent actions.