browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for user credentials and to "browser_type" the password field (and warns only not to store them), which requires the model to receive and inject secret values verbatim into actions/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and agent prompt (SKILL.md "Product Search & Purchase", "Price Comparison", and the agent system_prompt in HAND.toml) explicitly use browser_navigate, browser_read_page, web_search, and web_fetch to visit and read arbitrary public store or website URLs, meaning untrusted third-party page content is ingested and can drive clicks/decisions.