browser-content-capture

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials in commands (e.g., agent-browser fill ... "password123") and instructs filling/saving authentication state, which encourages the agent to accept and place secret values verbatim into CLI commands or saved state, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and scrapes arbitrary web pages (e.g., "agent-browser open ", the multi-page-crawl that evals document.querySelectorAll('nav a'), and "get text body") to extract and interpret content from public sites, so it ingests untrusted third-party content that could contain indirect prompt injections.