agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples explicitly embed plaintext secrets (e.g., "password123", "proxy_password": "pass") into CLI/JSON commands and form-fill actions, which requires the agent/LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's open/goto functions accept arbitrary URLs (see SKILL.md and references/commands.md "url" field) and its snapshot/execute outputs (elements_text, document.body.innerText) and templates like capture-workflow explicitly fetch and return page content, so the agent will read and act on untrusted public web pages.