browsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's actions require producing raw input payloads (e.g., the "type" action with a password example {payload: "pass123\n"}), so an agent would need to include secret values verbatim in its generated action payloads/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's use_browser/chrome-ws workflows (SKILL.md and EXAMPLES.md) explicitly navigate to arbitrary public URLs (e.g., {action: "navigate", payload: "https://example.com"}, web-scraping and "Cross-Reference between sites" examples) and extract/evaluate page content which the agent then uses in follow-up actions (filling forms, driving decisions), meaning untrusted third-party webpages can supply instructions or data that materially influence subsequent tool use.