agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The agent-browser CLI uses commands like agent-browser fill @e2 "password123" and is explicitly intended for automating logins and auth flows, which requires inserting plaintext credentials into generated commands, creating a direct secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to and extracts content from arbitrary public URLs (e.g., the core command "agent-browser open " and templates/capture-workflow.sh which opens a user-supplied TARGET_URL and runs "agent-browser get text body" and "snapshot -i"), so it ingests untrusted third‑party web content that could carry indirect prompt injection.