browser-use

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill documents and demonstrates passing API keys and cookies inline (e.g., --api-key KEY, echo '{"api_key":"your-key-here"}' to config.json, cookie export/import and cookies get) which encourages embedding secrets verbatim in commands or files and could force the LLM to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and interacts with arbitrary web pages (e.g., browser-use open <url>, browser-use get html, browser-use get text, and autonomous browser-use run / extract commands in SKILL.md), so the agent ingests untrusted public third‑party content that can materially influence actions and enable indirect prompt injection.