browser-use

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill exposes commands that read/export cookies and accept cookie values verbatim (e.g., cookies get, cookies export, cookies set <name> <value>), which can contain session tokens and would require the agent to handle or output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs the agent to navigate and extract content from public social media (LinkedIn, Instagram, X) using commands like "open", "get html", "get text", and "scrape leads", meaning it ingests untrusted user-generated posts/DMs/bios as part of its workflow and could enable indirect prompt injection.