agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes CLI actions that embed secrets directly (e.g., set headers '{"X-Key":"v"}', set credentials user pass, cookies set name value), which would require the agent to include API keys/tokens/passwords verbatim in its generated commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly navigates to arbitrary URLs via "agent-browser open " and exposes page content through commands like "snapshot", "get text", "get html", and "eval", meaning it fetches and ingests untrusted public web content (websites, social media, forums) that could carry indirect prompt injections.