remote-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's CLI and examples (e.g., browser-use input "password", browser-use cookies set , CDP URLs) require embedding credential/cookie values directly into commands, so an agent would need to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly lets the agent open arbitrary URLs and retrieve/inspect page content (e.g., "browser-use open " plus "browser-use state", "get html", "get text", and "eval" in the Commands/Core Workflow), meaning the agent will fetch and interpret untrusted third‑party web content that can drive subsequent clicks/actions.