core-agent-browser
Fail
Audited by Snyk on May 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's examples and CLI usage show filling inputs with plaintext secrets (e.g., agent-browser fill @e2 "password123"), which requires embedding secret values verbatim in commands/output and thus risks exfiltration.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows it navigates to arbitrary URLs (agent-browser open ) and snapshots/gets page text and elements (agent-browser snapshot, get text, find ...) so the agent fetches and interprets untrusted public web content which can directly drive clicks/fills and subsequent actions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata