agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples and CLI options that embed credentials verbatim (e.g., fill @e2 "password123", --proxy with user:pass, set credentials user pass, cookies set name value), which would require the agent to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill exposes the agent to untrusted third-party content because its "agent-browser open " command (and related commands like "snapshot", "get html", and "get text") fetch and return page content from arbitrary public URLs, which the agent reads and interprets as part of its workflow.