agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials directly into agent-browser commands (e.g., agent-browser fill @e2 "password123") and instructs saving/loading auth state, which requires the LLM to produce or handle secret values verbatim—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary external URLs using commands like "agent-browser open " and then snapshots and reads page content via "agent-browser snapshot", "agent-browser get text", and screenshots, so it ingests untrusted public web/user-generated content that could contain indirect prompt injections.