agent-browser
Fail
Audited by Snyk on May 9, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes multiple examples that pass passwords, tokens, and session state in plaintext (e.g., fill "password123", card numbers, state files containing session tokens) and shows CLI commands that embed secrets directly, so an LLM following these examples may be required to handle or emit secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and ingests arbitrary public web pages (e.g., "agent-browser open ", "agent-browser snapshot -i", "agent-browser get text body" in SKILL.md and templates/capture-workflow.sh), and uses that untrusted page content (refs/text) to drive actions like clicks/fills, so third‑party pages can materially influence agent behavior and enable indirect prompt injection.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata