agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's examples and commands explicitly show embedding plaintext secrets into CLI arguments and fills (e.g., fill @e2 "password123", set headers '{"X-Key":"v"}', set credentials user pass, cookies set name value), meaning an agent would need to include secret values verbatim in its generated commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "agent-browser open " and to run "agent-browser snapshot -i" / "get text @e1" to read and then interact with arbitrary web pages, so the skill fetches and ingests untrusted public web content (open/public URLs) and requires the agent to interpret that content to decide clicks/fills/navigation.