dogfood

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask for and inject user credentials/OTPs directly into agent-browser commands (e.g., agent-browser --session ... fill "{PASSWORD}"), which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and crawls a user-supplied Target URL and uses agent-browser snapshot/screenshot/console commands to read and interact with page content (see SKILL.md: "agent-browser --session {SESSION} open {TARGET_URL}" and "snapshot — for reading page content"), so it ingests arbitrary public third-party pages that can influence exploration and subsequent actions.