browser-tools

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's Cookies tool explicitly "display[s] all cookies" and the profile/cookie inspection features can expose session tokens or other secrets, which would require the agent to read and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes arbitrary public web pages (browser-nav.js and browser-eval.js allow visiting and executing JS on user-supplied URLs, browser-content.js extracts readable content from a provided URL, and browser-hn-scraper.js scrapes Hacker News), so the agent consumes untrusted, user-generated third‑party content that can influence subsequent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 8, 2026, 07:41 AM