agent-browser-automate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that instruct embedding tokens, bearer headers, and plaintext passwords directly into CLI arguments and form fills (e.g., --headers 'Authorization: Bearer ', storage set authToken "", set credentials , fill ""), which forces the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly allows opening arbitrary URLs and inspecting/executing page content—e.g., "agent-browser open ", "snapshot", "eval", "find", and "wait --text"—so the agent fetches and interprets untrusted public web pages whose content can drive clicks, form submissions, and other automated actions.