Passbolt only manage password not protecting them as people can see the password via browser reveal password features
Passbolt assumes that if somebody can use a password then they should also be allowed to see them. While some solution create a distinction by “visually hiding” it to the user, we didn’t go down that route as it gives a false sense of security: it’s possible with little technical knowledge to view it anyway once it’s inserted in a page by for example changing the input type from password to text on the page (or by inspecting the content of the http request using the browser console).
Current Passbolt CE, does not have autofill features
Passbolt CE does have an autofill feature. However it requires manual input (you click on the password icon, click on a suggestion, click on “use on this page”), so it’s not 100% “auto-filling”. The reason behind it is to ensure the user has full control of where and when a password is entered in a page, to reduce the security risks associated with password entry.
I hope this helps,