controlling-chrome-with-surfcli
Fail
Audited by Snyk on Feb 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets and passwords directly into CLI commands and workflow arguments (e.g., --value "abc123", --password "secret", surf do with password), which would require the LLM to handle and emit secret values verbatim if used that way.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary public URLs and reads/interprets page content (e.g., surf navigate, surf page.read / surf page.text, surf do workflows) and also integrates/searches public social sites (e.g., surf grok for X posts and surf gemini with YouTube), so the agent ingests untrusted, user-generated third‑party web content.