opencli-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples and commands that read or inject sensitive values verbatim (e.g., browser type ... "hunter2" for passwords and eval reading cardnumber values), which requires the agent to handle and output secret values directly, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a live browser and fetches/arbitrarily reads public web pages (e.g., "opencli web read --url ", "browser extract", "browser get html", "browser network --detail", and examples like opening "https://news.ycombinator.com"), so the agent will ingest untrusted third‑party content and act on it as part of its workflow.