powerskills-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's interface and examples accept plaintext field values in the --fields-json (including passwords like "secret"), which requires the LLM to generate commands/JSON containing the exact secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary URLs and extracts or evaluates page content (see SKILL.md actions "navigate", "content", "html" and the browser.ps1 implementations using Page.navigate and Runtime.evaluate), so it ingests untrusted public web content that could carry instructions influencing subsequent actions.