smooth-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that place API keys on the command line (smooth config --api-key ) and requires embedding and reusing verbatim session IDs/file IDs/credentials in subsequent commands, which forces the LLM to handle secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to navigate, fetch, and scrape arbitrary public websites (e.g., start-session --url and smooth run/extract examples like "https://news.ycombinator.com" and "Go to the LocalLLM subreddit"), so it ingests untrusted user-generated web content that the agent reads and can use to drive subsequent actions.