agentic-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and API use cases show secrets (e.g., passwords, proxy_password) being placed directly into command/JSON inputs (e.g., fill actions and proxy fields), which would require the LLM to include secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's open/goto/snapshot/execute functions navigate to and scrape arbitrary public URLs (e.g., examples showing "https://google.com" and "https://example.com") and run/interpret page DOM/JS, which exposes the agent to untrusted third‑party web content.