chrome-cdp-live-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly exposes live logged-in pages and shows commands that fetch cookies and page content which are intended to be passed to the agent/LLM, so the model can receive and be asked to emit sensitive secrets (cookies, tokens, passwords) verbatim — high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly grants automated agents direct programmatic access to a user's live Chrome session — including logged-in pages, cookies, arbitrary JavaScript execution, and raw CDP commands — which intentionally enables credential/token access and easy exfiltration of sensitive data; the use of persistent per‑tab daemons (reused silently) increases stealth/persistence (no obfuscated payload or external C2 is shown, but exfiltration is trivial from the documented capabilities).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly lets the agent navigate to and read live arbitrary web pages and logged-in services (e.g., commands like "scripts/cdp.mjs nav https://example.com", "html", "snap", "eval") and the "Using in an Agent Workflow" example shows passing those page snapshots to an LLM and acting on them, so untrusted third-party page content can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly navigates to and reads live pages (e.g., https://github.com/notifications) at runtime and example code shows those snapshots being passed to an LLM ("Reason about the page (pass to LLM, etc.)"), so external page content fetched at runtime can directly control agent prompts and behavior.