web-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that pass secrets (e.g., "secret123", "abc123") as literal CLI arguments and cookie/token values, which encourages embedding user API keys/passwords verbatim in generated commands or scripts, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and ingests arbitrary public websites (e.g., nav.js, eval.js, get-meta.js and the "subagent web-browser" examples that target pages like news.ycombinator.com and shittycodingagent.ai) and documents workflows that extract and act on page content (execute JS, scrape links, perform login flows), so untrusted third‑party page content can directly influence subsequent tool use and actions.