browserwing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example where the agent types a user's plaintext password ("secret123") into API calls, which requires the LLM to handle and output secrets verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate to arbitrary webpages (POST /navigate) and to read page structure and content via GET /snapshot, GET /page-text/GET /page-content and POST /extract, meaning it ingests untrusted public web content that the agent then uses to decide clicks/typing and other actions.