Browser Automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext credentials (e.g., 'securepass', 'Test123!') and instructs the agent to fill password fields with those values, which requires the LLM to emit secret values verbatim in automation commands — an explicit secret-handling/exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime browser automation can fetch and extract readable text from arbitrary web pages/URLs (e.g., navigation.goto.url and scraping.extract_text/extract_all), which are outsider-authored public web content that may be fed into the agent’s LLM context.