browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples of filling password fields with plaintext values and describes login/form automation that would require embedding user credentials verbatim in generated scripts, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs web scraping and page navigation (e.g., page.goto('https://example.com') and the "Data Extraction from Multiple Pages" $$eval that extracts .product-item textContent and image src) and therefore ingests open/public third‑party webpage content which could be untrusted or user‑generated and interpreted by the agent.