Browser Automation
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes examples that place secrets directly into CLI command prompts (e.g., an act prompt with "password field with 'pass123'") and shows API key placeholders in .env usage, which encourages the agent to emit or embed secret values verbatim in generated commands — an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary web pages via Puppeteer (e.g., the "npx @midscene/web@1 connect --url" command and related browsing/scraping examples) and takes screenshots/reads page content to scrape or interact with sites, so it ingests untrusted public third‑party web content as part of its workflow.