browser-content-capture

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples of embedding credentials verbatim into commands (e.g., agent-browser fill @e2 "password123" and fill with "$PASSWORD") and saving/restoring auth state files, which instructs the agent to handle and potentially output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and crawls arbitrary public URLs (e.g., "agent-browser open ", the multi-page-crawl scripts, and the sitemap check with curl "$ARGUMENTS/sitemap.xml") and extracts page text/links for processing, so the agent ingests untrusted third-party web content that could carry indirect prompt injection.