browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's tool calls (e.g., chrome_fill_or_select with value fields) and the login example require the agent to include user passwords or other secret form values verbatim in generated tool calls, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent can navigate to arbitrary public URLs and extract/analyze page content (tools like chrome_navigate and chrome_get_web_content and examples visiting github.com/example.com), and then take actions (fill forms, click, send requests), so untrusted third‑party web content can materially influence the agent's actions.