oneshot-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly accepts a secrets field (e.g., { "github.com": "user:token" }) for auto-login, which requires the agent to receive and use raw credential values and may cause those secrets to be embedded verbatim in generated requests or actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The required runtime workflow for agent.browser(options) ingests outsider-authored free text from public web pages (e.g., the start_url/navigated pages’ readable content) into the agent’s LLM context to perform the natural-language task and structured extraction.