agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's command examples and flags (e.g., fill "password", set headers '{"X-Key":"v"}', set credentials user pass, cookies set name value, network route bodies) require embedding secrets or sensitive values directly as command arguments or payloads, so an LLM following the prompt would need to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and ingests arbitrary public web pages (e.g., "agent-browser open ") and exposes commands that read/parse page content such as "snapshot", "get text"/"get html", and "eval", so it will consume untrusted third‑party/user-generated content from arbitrary URLs.