agent-browser-commands

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that embed secrets verbatim (e.g., --password in auth save, --headers '{"Authorization":"Bearer token"}', cookies/storage set, and batch examples with plaintext passwords), so an LLM driving these commands would need to include secret values directly in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly allows navigating to arbitrary URLs via the open <url> command and includes commands that fetch and read page content (snapshot, get html, get text, get title, network request <requestId>, eval "JS code") which the agent is expected to interpret and then perform actions (click/fill/type), exposing it to untrusted public web content that could indirectly inject instructions.