agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's examples and inputs (e.g., filling password fields, "proxy_password": "pass", and JSON "text" fields) require composing infsh commands that embed cleartext credentials, so an LLM would need to output secret values verbatim to perform those actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's open/goto/snapshot/execute functions (shown in SKILL.md and examples like templates/capture-workflow.sh) navigate to arbitrary URLs and return page text/elements (elements_text, document.body.innerText) that the agent reads and uses to decide and perform actions, exposing it to untrusted third‑party web content.