agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and CLI patterns that place plaintext credentials directly into commands (e.g., agent-browser fill @e2 "password123"), which would require the LLM to output secret values verbatim and enables secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's commands like "agent-browser open " plus "snapshot", "get text", and related navigation/interact features explicitly fetch and parse arbitrary public web pages (user-provided URLs), so the agent will read untrusted third-party content from the open web.