chrome-bridge-automation

Fail

Audited by Snyk on Mar 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill includes example act prompts that embed plaintext credentials (e.g., filling a password field with 'pass123') and instructs the agent to perform form fills, which can require the LLM to include secret values verbatim in generated commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md instructs the agent to connect to arbitrary web pages in the user's real Chrome browser via the Midscene Bridge (e.g., connect --url https://...), take screenshots of those pages, and read/interpret page content to drive act commands and scraping, which clearly ingests untrusted third-party web content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires a runtime MIDSCENE_MODEL_BASE_URL (e.g., https://generativelanguage.googleapis.com/v1beta/openai/ or https://openrouter.ai/api/v1) which is called during execution to perform model inference whose outputs directly drive the agent's prompts/actions, so this external endpoint is a required runtime dependency that controls agent behavior.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 07:04 AM
  • Issues: 3