agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that embed plaintext credentials directly (e.g., fill @e2 "password123", proxy URLs with user:pass, and set credentials user pass), which encourages the agent to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the skill navigates to arbitrary public URLs via "agent-browser open " and then uses "snapshot", "get text", "find", "eval", and other interaction commands to read and act on page content (e.g., SKILL.md Navigation and Snapshot sections), which exposes the agent to untrusted third-party webpages that can influence its actions.