remote-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly documents CLI flags that accept secret values inline (e.g., --secret key=value and cookies set ), which encourages embedding secrets verbatim in commands/outputs and therefore risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to navigate and interact with arbitrary web pages (e.g., "browser-use open ", "browser-use run 'task' --start-url", and agent tasks like "Search for AI news and summarize top 3 articles" in SKILL.md), so it fetches and ingests untrusted public web content that can influence agent actions.