browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs collecting credentials (email, password) and resuming the subagent by embedding them verbatim in the Task resume prompt (e.g., "email: x, password: y"), which exposes secrets in LLM prompts/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill issues navigation and scraping commands (e.g., browser_run_code with page.goto, browser_navigate, and browser_snapshot) that fetch and return arbitrary public web pages and their content for the agent to read and act on, exposing it to untrusted third‑party/user‑generated content and possible indirect prompt injection.