agent-browser
Fail
Audited by Snyk on Jul 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill documentation includes examples that embed plaintext secrets (e.g., "password123" and proxy_username/proxy_password) directly in CLI JSON inputs, forcing an agent to include secret values verbatim in commands/requests.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow navigates to a user-supplied URL and then ingests the page’s extracted text/element descriptions (e.g.,
elements_textfromsnapshot/open), which is outsider-authored free text from public web content into the agent’s LLM context.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata