browser-use

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly documents a --api-key KEY flag and describes using BROWSER_USE_API_KEY / OPENAI_API_KEY etc. for agent tasks and remote mode, which encourages embedding API keys as command-line arguments or in agent-run commands, requiring the LLM to handle secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly opens and interacts with arbitrary public URLs via commands like "browser-use open " and exposes page content through "browser-use state", "browser.html", screenshots, and LLM-powered "extract"/agent runs, meaning it ingests untrusted third-party web content that could carry indirect prompt injections.