browseros

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs using fill commands with plaintext credentials (e.g., fill 11 "password123") and requires embedding user-supplied form data into CLI commands, which would force the LLM to include secret values verbatim in generated outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and references/cli-commands.md explicitly instruct using browseros-cli to open arbitrary URLs and extract/inspect page content (e.g., "open ", "text", "snap", "dom", "dom-search"), meaning the agent will fetch and interpret untrusted third-party web content as part of its interaction loop.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's setup requires installing and running the browseros-cli via commands like "npm install -g browseros-cli" (which fetches and executes code from the npm registry, e.g. https://registry.npmjs.org/browseros-cli), so it depends on runtime-fetched external code that will be executed locally.