agent-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and CLI commands that embed credentials directly (e.g., agent-browser fill "password123", agent-browser fill "$PASSWORD", agent-browser set credentials , cookies/storage set ), which would require the LLM to output secret values verbatim to perform those actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to "agent-browser open " and use "agent-browser snapshot -i", "agent-browser get text", and "exec:agent-browser" to read and interact with arbitrary web pages (Core Workflow / Essential Commands), so untrusted third‑party web content can be ingested and directly influence subsequent actions.