chrome-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes form-fill/tool invocation examples with plaintext "value" fields (e.g., password_field: "password123", fill_form/form_input) which would require the agent to embed real credentials verbatim into generated tool calls/commands if real secrets are supplied, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions and tools (e.g., SKILL.md and the execution steps) explicitly navigate to arbitrary URLs and extract/read page content—see mcp__claude-in-chrome__navigate and mcp__claude-in-chrome__get_page_text / devtools__navigate_page and devtools__get_page_text in the instructions—so it ingests untrusted third-party (public/web) content that can directly influence subsequent actions.