agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and workflows that place passwords and other secrets directly into CLI arguments (e.g., agent-browser fill @e2 "password123" and fill @e2 "$PASSWORD"), which would require the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes arbitrary public URLs (e.g., SKILL.md "agent-browser open ", references/commands.md "get text body", and templates/capture-workflow.sh / form-automation.sh) and then snapshots/parses that untrusted page content to drive interactions, so third-party content can influence agent actions.