dogfood

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to request and insert user credentials and OTPs into commands (e.g., agent-browser ... fill "{PASSWORD}"), which requires the LLM to handle and output secrets verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open and systematically explore an arbitrary Target URL (e.g., "agent-browser --session {SESSION} open {TARGET_URL}" and use snapshot/read commands to read page content and drive navigation), so it fetches and interprets untrusted third‑party web content that can influence subsequent actions.