browser-forensics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and prints sensitive artifacts (cookie.value, autofill/credential entries, recovered passwords, and search matches for "api_key"/"token"), which requires the LLM to handle and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and displays arbitrary web content from users' browser artifacts — e.g., cached web content and extracted files (CacheAnalyzer.extract_all / extract_by_type), browsing history and download source URLs (DownloadAnalyzer.get_all_downloads / source_url), reading-list preview text (SafariParser.get_reading_list preview_text), bookmarks/collections and cache previews — which are third-party, user-originated content and would be read/interpreted by the agent as part of its workflow.