browser-to-api

Fail

Audited by Snyk on May 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill generates OpenAPI docs, curl examples, and sample request/response artifacts directly from captured browser traces, including observed headers and bodies, and explicitly records an "x-observed-auth" field alongside curl-ready examples. Captured tokens, cookies, and passwords can therefore be emitted verbatim into the generated artifacts unless they are redacted by hand.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests network captures from arbitrary sites: it reads browser-trace cdp/network/{requests,responses}.jsonl and optional browse-network bodies under /cdp/network/bodies/ (in load.mjs and SKILL.md), then interprets those untrusted HTTP request/response bodies to infer schemas and generate OpenAPI specs and client code. Because that output changes downstream behavior, content controlled by a third-party site can materially influence what the generated code does.
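As an added example that is not the skill's own load.mjs or any other code from the browser-to-api project, the JavaScript below shows one pass that addresses both findings above (W007 and W011): it redacts credential-bearing headers, query parameters and body fields from captured request lines before any curl example is produced, and it reduces untrusted text (URL paths used as operation names, observed values) to safe identifiers and type-only schemas before it reaches a generated OpenAPI/client artifact. The `{method, url, headers, body}` line shape, the header and key-name lists, and the sample capture lines are all assumptions constructed for this example.

```javascript
// Added example (not the browser-to-api project's code). Assumed line shape:
// one JSON object per line, {method, url, headers, body}.
const SENSITIVE_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie", "set-cookie",
  "x-api-key", "x-auth-token", "x-csrf-token", "x-observed-auth",
]);
// Key names (JSON fields, query parameters) whose values are never emitted.
const SENSITIVE_KEY_RE = /pass(word)?|token|secret|api[-_]?key|credential|session/i;
// Inline credential patterns inside non-JSON bodies (form encodings, free text).
const INLINE_TOKEN_RE = /(bearer\s+|token=|api[-_]?key=|password=)[^\s&"']+/gi;

// Constructed sample capture lines (not real traffic).
const SAMPLE_REQUESTS_JSONL = [
  JSON.stringify({
    method: "POST", url: "https://api.example.test/v1/login",
    headers: { "Content-Type": "application/json",
               Authorization: "Bearer eyJhbGciOi.payload.sig",
               Cookie: "session=s3cr3t-cookie" },
    body: JSON.stringify({ username: "alice", password: "hunter2", remember: true }),
  }),
  JSON.stringify({
    method: "GET", url: "https://api.example.test/v1/users?limit=5&access_token=abc123",
    headers: { Accept: "application/json" }, body: null,
  }),
].join("\n");

function parseJsonl(text) {
  return text.split("\n").filter((l) => l.trim()).map((l) => JSON.parse(l));
}

function redactHeaders(headers = {}) {
  return Object.fromEntries(Object.entries(headers).map(([k, v]) =>
    [k, SENSITIVE_HEADERS.has(k.toLowerCase()) ? "REDACTED" : v]));
}

// Credentials also travel in query strings; redact by parameter name.
function redactUrl(url) {
  const u = new URL(url);
  for (const k of [...u.searchParams.keys()]) {
    if (SENSITIVE_KEY_RE.test(k)) u.searchParams.set(k, "REDACTED");
  }
  return u.toString();
}

function redactJson(v) {
  if (Array.isArray(v)) return v.map(redactJson);
  if (v && typeof v === "object") {
    return Object.fromEntries(Object.entries(v).map(([k, val]) =>
      [k, SENSITIVE_KEY_RE.test(k) ? "REDACTED" : redactJson(val)]));
  }
  return typeof v === "string" ? v.replace(INLINE_TOKEN_RE, "$1REDACTED") : v;
}

// JSON bodies are redacted by key name; anything else falls back to the
// inline pattern so a form-encoded password is still caught.
function redactBody(body) {
  if (body == null) return body;
  try { return JSON.stringify(redactJson(JSON.parse(body))); }
  catch { return body.replace(INLINE_TOKEN_RE, "$1REDACTED"); }
}

function redactRequest(req) {
  return { ...req, url: redactUrl(req.url),
           headers: redactHeaders(req.headers), body: redactBody(req.body) };
}

// Untrusted text that becomes a code identifier (operationId, client method
// name) is reduced to [A-Za-z_][A-Za-z0-9_]* and capped in length, so a
// hostile path segment cannot smuggle syntax into generated code.
function safeIdentifier(text) {
  let id = String(text).replace(/[^A-Za-z0-9_]/g, "_").slice(0, 64);
  if (!/^[A-Za-z_]/.test(id)) id = "_" + id;
  return id;
}

// Schema inference keeps only key names and types; observed values are never
// copied into example/description fields of the generated spec.
function inferSchema(value) {
  if (Array.isArray(value)) {
    return { type: "array", items: value.length ? inferSchema(value[0]) : {} };
  }
  if (value === null) return { nullable: true };
  if (typeof value === "object") {
    const properties = {};
    for (const [k, v] of Object.entries(value)) properties[k] = inferSchema(v);
    return { type: "object", properties };
  }
  return { type: typeof value };
}

// Single-quote for a POSIX shell so header/body text cannot break out.
const shq = (s) => `'${String(s).replace(/'/g, "'\\''")}'`;

function toCurl(req) {
  const r = redactRequest(req);
  const parts = ["curl", "-X", r.method, shq(r.url)];
  for (const [k, v] of Object.entries(r.headers)) parts.push("-H", shq(`${k}: ${v}`));
  if (r.body != null) parts.push("--data", shq(r.body));
  return parts.join(" ");
}

// One generated operation: identifier from the path, schema from types only,
// curl example from the redacted request.
function buildOperation(req) {
  const r = redactRequest(req);
  const path = new URL(r.url).pathname;
  const op = { operationId: safeIdentifier(`${r.method.toLowerCase()}${path}`), curl: toCurl(req) };
  if (req.body != null) { try { op.requestBody = inferSchema(JSON.parse(req.body)); } catch {} }
  return op;
}

for (const req of parseJsonl(SAMPLE_REQUESTS_JSONL)) console.log(buildOperation(req));
```

The header and key-name lists are deliberately broad (any key containing "token" or "session" is dropped), because the cost of a false positive in a generated example is a placeholder the author fills in, while the cost of a miss is a live credential in a committed spec. Redaction is still only a mitigation for W007; the schema step is the W011 control, since nothing from a captured value other than its JSON type ever reaches the emitted artifact.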

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 02:05 AM
Issues
2
Security Audit — snyk — browser-to-api