agent-browser
Fail
Audited by Snyk on Feb 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples and commands that place passwords, header values, cookies, and credentials directly into CLI arguments (e.g., fill @e2 "password123", set credentials user pass, set headers '{"X-Key":"v"}'), which would require the agent to emit secret values verbatim and thus poses an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md shows that the agent explicitly navigates to arbitrary URLs (agent-browser open ), snapshots and reads page content (agent-browser snapshot -i, get text/get html), and even evaluates page JS (eval), so it fetches and interprets untrusted public web content, which can directly drive subsequent actions.
Audit Metadata