browser-tools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill exposes and returns browser cookies and can load a user's profile (including session cookies and logins), which requires the agent to read and potentially output secret/session values verbatim, posing an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to and fetches content from arbitrary public URLs and sites (see SKILL.md "Navigate" and "Extract Page Content") and the included scripts—browser-content.js (extracts readable content from a provided URL), browser-nav.js (navigates to arbitrary URLs), browser-eval.js (executes page JS), browser-pick.js (reads DOM elements), and browser-hn-scraper.js (scrapes Hacker News)—cause untrusted, user-generated third-party web content to be ingested and interpreted in the agent's workflow, which can materially influence subsequent actions.