browser-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and API (e.g., await type(2, "secret123")) explicitly show embedding plaintext passwords/credentials into commands, which requires the LLM to include secret values verbatim in its generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent navigating arbitrary public URLs (e.g., await tab("https://google.com"), --go "https://example.com/article") and using snap() and read() (Reader Mode) to ingest page/article content that the agent then uses to decide clicks, waits, downloads, and other actions, so untrusted third‑party web content can influence behavior.