tabbit-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read DevToolsActivePort and return and inject the live wsEndpoint (port and browser path) verbatim into agent-browser commands, which requires outputting potentially sensitive connection strings.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects the agent to a live Tabbit browser and then instructs the agent to use agent-browser commands like "open " and "snapshot -i" (see SKILL.md Workflow and references/setup.md example "python3 ... run_agent_browser_on_tabbit.py open https://www.baidu.com" and scripts/run_agent_browser_on_tabbit.py which injects arbitrary agent-browser args), meaning the agent will fetch and read arbitrary public web pages (untrusted third‑party content) as part of its runtime workflow and those pages could influence subsequent tool actions.