agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples and commands that take credentials or passwords as literal command-line arguments (e.g., proxy URLs with user:pass, set credentials user pass, fill "password123", cookies/storage set), which would require the agent/LLM to place secret values verbatim into generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill autonomously opens and interacts with arbitrary external URLs and ingests page content (e.g., agent-browser open , snapshot -i, get text body in SKILL.md and templates/capture-workflow.sh), so untrusted third‑party web content can be read and drive subsequent actions.