agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that accept or demonstrate placing credentials, cookies, and passwords directly as CLI arguments or in fill commands (e.g., fill "password", set credentials , cookies set ), which would require the LLM to emit secret values verbatim if used that way.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly browses and scrapes arbitrary public URLs (e.g., the "agent-browser open " command and subsequent "snapshot", "get text", "get html", and eval commands) which exposes the agent to untrusted, user-generated third-party web content that it is expected to read and interpret.