qa-loop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs the agent to insert credentials verbatim into agent-browser commands and to read a project config containing test_credentials, so any real API keys/passwords or passwords would be embedded in generated commands/output and could be exfiltrated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and drives a browser against a provided URL (e.g., "agent-browser open " and the /qa-loop <url> argument) and inspects page snapshots, console logs, and network responses as part of its required QA workflow, meaning it will fetch and interpret arbitrary third‑party web content (including user-generated content) which can influence navigation and actions.