agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and CLI usage show credentials passed verbatim (e.g., agent-browser fill @e2 "password123") and saving/loading auth state, which requires the agent to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly navigates to arbitrary URLs via the "agent-browser open " command and ingests page content through "snapshot", "get text", and related commands, which allows the agent to read untrusted/public web pages and user-generated content that could contain indirect prompt injections.