camofox-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed plaintext credentials in commands (e.g., camofox type @e2 "password123" and inline HTTPS_PROXY usage), which encourages the agent to accept and emit secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automates browsing of arbitrary public websites (e.g., camofox open , POST /tabs/:tabId/navigate and the search macros for reddit/twitter) and returns snapshots/screenshots via /tabs/:tabId/snapshot and CLI/templates (stealth-scrape.sh, multi-session.sh) that the agent is expected to read, exposing it to untrusted user-generated third‑party content that could carry indirect prompt injection.