dev-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's browser_script examples and findAndFill instructions place plaintext passwords/secret strings directly into the action "text" fields, which would require the LLM to emit secret values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and references/scraping.md explicitly instruct the agent to navigate to arbitrary public URLs and use tools like browser_script, browser_evaluate, and browser_batch_actions to fetch and extract content (e.g., social posts, listings, search results) from untrusted third‑party websites, which the agent is expected to read and act on as part of its workflows.