chrome-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes hard-coded credentials and examples that embed secrets verbatim (e.g., Authorization: 'Bearer token', cookie value 'abc123', passwords like 'password123' and login automation), which would require an agent to place secret values directly into generated code/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly performs navigation and scraping of arbitrary public websites (e.g., the "数据抓取" scrapeData(url) function and many page.goto(url) + page.evaluate examples) so it ingests untrusted third-party content that the agent reads and could influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs running system commands that kill Chrome processes and recommends Chrome flags that disable sandboxing (bypassing security protections), which alters machine state and weakens security even though it doesn't request sudo or edit privileged files.