agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and documents commands that take credentials or passwords as literal arguments (e.g., fill "password123", set credentials user pass, proxy http://user:pass@...), which would force the agent to include secret values verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill can navigate to arbitrary public URLs with "agent-browser open " and then snapshot or read page content (e.g., "agent-browser snapshot", "get text @e1", "get html @e1"), so it ingests untrusted third-party web content that could contain indirect prompt injections.