agent-browser-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed plaintext credentials directly into agent-browser commands (e.g., agent-browser fill @e2 "admin123456"), which requires the LLM to output secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill can open arbitrary URLs via "agent-browser open " and then capture and return page content (e.g., snapshot, get text, get html), which means it will ingest untrusted public web pages and user-generated content directly into the agent's workflow.