agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill includes examples and commands that embed credentials or secret values verbatim (e.g., fill @e2 "password123", cookies set --value "abc", set credentials "user" "pass"), so an LLM using it may be required to output secret values directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open arbitrary webpages (agent-browser open ) and to snapshot/parse their content (agent-browser snapshot -i --json) — e.g., the "Search and Extract" example that opens news.ycombinator.com — which causes the agent to fetch and interpret untrusted, user-generated public web content as part of its workflow.