chrome-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes multiple hardcoded secrets (e.g., 'password123', 'abc123', 'Bearer token') and examples that embed credentials directly into requests/code, which would require the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes functions like scrapeData(url: string) and scrapeMultiplePages(urls: string[]) that call page.goto(url) and use page.evaluate/$$eval to fetch and extract content from arbitrary public websites, so it ingests untrusted third‑party (user-generated) web content that could carry indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes explicit instructions to disable Chrome's sandbox (e.g. '--no-sandbox', '--disable-setuid-sandbox'), which is a direct bypass of security mechanisms and raises meaningful risk even though it does not ask for sudo, modify system files, or create users.