exploring-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's tools and examples explicitly show typing plaintext passwords into commands (e.g., browser_type text="secret123"), capturing request/response bodies and cookies, and exporting/importing sessions—actions that require the agent to include and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow explicitly opens and navigates arbitrary URLs and ingests page content (browser_navigate → browser_snapshot, browser_get_text/browser_get_attr, Core.Browser.RunScript) and captures/analyzes network responses (browser_start_network_capture / browser_get_requests) from public sites as part of decision-making, so untrusted third‑party pages and responses can directly influence actions and flow construction (see SKILL.md "Workflow" and "Network Analysis for API Discovery").