browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes patterns that embed plaintext credentials into generated CLI commands (e.g., --fill '#password=secret' and examples with --fill='#username=...' --fill='#password=...'), meaning an agent would need to handle and output secret values verbatim — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and scrapes arbitrary public websites (e.g., SKILL.md's navigate/extract/interact examples using https://example.com and https://www.instacart.com) and uses page content via --eval/document.body.innerText to make decisions and drive follow-up actions (clicks, form submits), so untrusted third‑party page content can materially influence tool behavior.