react-grab

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documented workflow and MCP integration explicitly let an AI agent call the get_element_context tool (SKILL.md / references/api.md / MCP Integration) to receive the selected browser element's HTML, component stack and text from any page the user selects, which clearly ingests untrusted/public DOM content that the agent then reads and uses to drive actions—enabling indirect prompt-injection from third-party pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime installation options include loading and executing third-party JavaScript from the CDN URL //unpkg.com/react-grab/dist/index.global.js (and running npx -y grab@latest which fetches/executes remote package code), which are fetched at runtime and run code that can drive agent prompt flows and integrations, making them required runtime dependencies that control agent behavior.