browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim (e.g., filling a password string and passing an Authorization Bearer token in a CLI --headers argument), which instructs the agent to output or transmit secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow and commands (e.g., "agent-browser open ", "agent-browser snapshot -i --json", "agent-browser get text/get html", and related examples) explicitly fetch and parse arbitrary public web pages and use that content to drive interactions, so untrusted third-party page content can influence agent actions.