browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's tool calls (e.g., chrome_fill_or_select with a password value) require the agent to include user credentials verbatim in generated tool-invocation output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to arbitrary public websites (chrome_navigate in the "Navigate and Screenshot" and "Fill a Form" examples) and to extract and "analyze" page content via chrome_get_web_content ("Extract Content" example), meaning the agent will fetch and interpret untrusted third-party web pages that could contain indirect prompt-injection instructions.