browser-automation-agent
Fail
Audited by Snyk on May 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt's examples and code embed credentials directly into CLI commands and execSync strings (e.g., agent-browser fill @e3 "password123"), which requires the agent/LLM to include secret values verbatim in generated commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to open arbitrary URLs with "agent-browser open ", take snapshots, and extract page text/HTML (see "browser_open_and_snapshot" and "browser_capture" sections and the "Agent prompt"), so it ingests untrusted public web content that can influence subsequent interactions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata