agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples and commands that place passwords, header values, cookies, and credentials directly into CLI arguments (e.g., fill @e2 "password123", set credentials user pass, set headers '{"X-Key":"v"}'), which would require the agent to emit secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the agent navigating to arbitrary URLs (agent-browser open ) and running snapshot/get text/get html/eval on page content, so it fetches and interprets untrusted public web pages whose content can influence subsequent actions.