firefox-debug

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to inspect storage for auth tokens and echoes storage values (and even shows a plaintext password example), which requires the LLM to read and return secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to arbitrary web content via tools like firefox-devtools.navigateToUrl (takes any URL) and firefox-devtools.getPageContent / getConsoleOutput / evaluateScript which fetch and interpret page content from third-party/public sites, enabling indirect prompt injection.