browserwing-admin

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples that embed API keys, bearer tokens, and cookie values directly in curl commands and JSON payloads (e.g., "api_key": "sk-xxx", Authorization: Bearer , cookie "value": "abc123"), which would require the LLM to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's AI Autonomous Exploration and script execution workflows explicitly instruct the agent to browse and scrape arbitrary public websites (e.g., POST /api/v1/ai-explore/start with a start_url like https://www.bilibili.com and the /api/v1/scripts//play and /api/v1/scripts/play/result endpoints), so untrusted third-party page content can be ingested and directly influence generated scripts and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires an external LLM at runtime (example base_url "https://api.openai.com/v1") whose responses are used by AI Explorer / agent features to generate scripts and drive agent behavior, so this remote API can directly control prompts/instructions and is a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly includes sudo commands that modify /etc (adding an apt source and installing Google Chrome) and instructs system-level changes that require elevated privileges, so it pushes the agent to alter the host system state.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 12:27 PM