agent-browser
Fail
Audited by Snyk on Mar 3, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt's examples instruct the agent to fill form fields with literal credentials (e.g., agent-browser fill @e2 "password") and to save/load auth state files, which encourages embedding plaintext secrets directly in generated commands or files, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required AI workflow (SKILL.md and references/workflows.md) instructs the agent to open arbitrary URLs (agent-browser open ) and ingest page snapshots (agent-browser snapshot -i --json) from public websites, which the AI "analyzes" to determine and execute subsequent actions. This exposes it to untrusted third-party content that could carry indirect prompt injections.