agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains commands that take and embed secrets directly in CLI arguments (e.g., set credentials user pass, set headers '{"X-Key":"v"}', cookies set name value, and form fills with passwords/credit-card numbers), which would require the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md) explicitly navigates to arbitrary URLs via "agent-browser open " and then snapshots/reads page content (e.g., "agent-browser snapshot -i", "agent-browser get text @e1", "agent-browser eval ...") so the agent will ingest and act on untrusted public web content which could contain instructions that alter its actions.