browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and workflow show filling form fields with literal credentials (e.g., page.fill(..., "secret")), which requires the agent to embed secret values verbatim in generated commands/JS, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to arbitrary external websites (e.g., Core Workflow and examples showing await page.goto("https://example.com") and Data Extraction using page.$$eval), take snapshots, extract data, and act on page content, which means it will read and act on untrusted public web content that could contain malicious or instructional text.