interact-with-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and encourages embedding Authorization headers and bearer tokens directly in CLI commands (e.g., --headers '{"Authorization":"Bearer "}'), which requires the agent/LLM to include secret values verbatim in generated output and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill can navigate to arbitrary public URLs using "agent-browser open " and then retrieve and parse page content with commands like "snapshot", "get text", "get html", and "eval", meaning the agent will ingest untrusted third‑party web content as part of its workflow and could be exposed to indirect prompt injection.