agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples and commands that pass credentials verbatim (e.g., fill @e2 "password123", proxy URLs with user:pass, set credentials user pass, header JSON), which would require the agent/LLM to include secret values directly in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary external URLs (e.g., the "agent-browser open " command and templates/capture-workflow.sh/form-automation.sh) and uses snapshot/get text to read page content, which exposes the agent to untrusted public web/user-generated content.