Browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly captures and reports full network requests including headers and console logs (which can contain Authorization tokens, cookies, or API keys), so the agent would need to read and could output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's primary workflow (SKILL.md and Tools/Browse.ts) explicitly navigates to arbitrary URLs and the BrowserSession /navigate and extract/verify workflows (Workflows/Extract.md, Workflows/VerifyPage.md) read page text/HTML/console logs (and Update.md even fetches raw GitHub README), so untrusted public web content is fetched and interpreted and can influence subsequent actions.