browser-to-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill generates curl-ready examples and request/response samples (and records observed auth headers) from captured traffic and only performs best-effort redaction, so it can require emitting API keys/cookies/bearer tokens verbatim unless explicitly redacted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads arbitrary browser-trace captures (cdp/network/{requests,responses}.jsonl and optional browse-network bodies under /cdp/network/bodies/) via load.mjs, parses request/response bodies in infer.mjs, and then uses those untrusted third‑party bodies to infer schemas and generate OpenAPI, client.mjs, and report.md in emit.mjs — meaning external webpage content directly influences tool behavior and produced code.