agent-browser-e2e

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The template explicitly shows and instructs using a CLI command with --username and --password arguments (e.g., --password secret), which requires embedding secret values verbatim in generated commands and is therefore an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to open arbitrary URLs and interact with page content (e.g., "agent-browser open ", "agent-browser auth login myapp --url ", "snapshot", "get text", and judgment gates based on page errors/content"), which means the agent will fetch and interpret untrusted third‑party web content that can influence its actions.