browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's patterns and example workflow show embedding plaintext credentials (e.g., password "testpass") directly into browser_fill_form and similar commands, which would require the LLM to output secret values verbatim and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to navigate arbitrary URLs and extract data from web pages (see "Core Operations: browser_navigate" and "Good use cases: Extracting data from web pages" / "When exploring unknown pages"), meaning it clearly ingests untrusted third‑party web content that could carry indirect prompt injections.