chrome-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes multiple hardcoded secrets (e.g., 'password123', 'abc123', 'Bearer token') and examples that embed credentials directly into requests/code, which would require the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly shows runtime scraping of arbitrary public URLs (e.g., the scrapeData(url: string) function and other examples using await page.goto(url), page.evaluate(), and page.$$eval(...) to extract page content), so the agent will fetch and interpret untrusted third‑party web content that can influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes explicit instructions to disable Chrome's sandbox (e.g. '--no-sandbox', '--disable-setuid-sandbox'), which is a direct bypass of security mechanisms and raises meaningful risk even though it does not ask for sudo, modify system files, or create users.