browser-navigation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's examples and CLI commands show and allow embedding secrets verbatim (e.g., filling passwords, setting headers/cookies/credentials with literal values or files), which would require the LLM to include secret values directly in generated commands or outputs and thus risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to arbitrary URLs (agent-browser open ) and provides commands to snapshot, get text/get html, and scrape public web pages (e.g., "Scraping Data" and "get text @e1"), so the agent will ingest and interpret untrusted third-party web content that could contain indirect prompt injections.