agent-browser-4

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and command forms that require embedding secrets verbatim (e.g., filling a plaintext password, proxy URLs with user:pass, and set credentials user pass), which would cause an LLM to output sensitive values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary URLs and ingests page content (SKILL.md "agent-browser open " and snapshot/get text commands) and the templates (templates/capture-workflow.sh and templates/form-automation.sh) show workflows that read and act on untrusted public web pages, so third-party page content can influence agent actions.