crawler

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract and log cookies and localStorage tokens (e.g., console.log(JSON.stringify(await context.cookies()))) and to document "auth/network details". Following those instructions forces the agent to handle secret values and, in all likelihood, to write them verbatim into its output and logs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs intercepting and harvesting authentication material (cookies, localStorage tokens, Authorization headers) and reusing it in generated crawlers. It also provides detailed anti-bot evasion guidance (Anti-Detect/Nstbrowser, fingerprint spoofing, residential IPs) and captcha-solving guidance. Together these patterns facilitate credential theft, unauthorized data exfiltration and the bypassing of defenses, and indicate a high likelihood of malicious intent or abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow and quick_commands explicitly instruct the agent to navigate to arbitrary target URLs (e.g., playwriter -s 1 -e "state.page = await context.newPage(); await state.page.goto('https://target.com')") and to intercept and read responses, page content, cookies and localStorage (e.g., state.page.on('response'), context.cookies(), localStorage.getItem('token')). The skill therefore ingests untrusted public web content at runtime, and that content directly influences method selection and the crawler code the agent generates (see SKILL.md and rules/network-crawling.md). Any page the agent reads can carry text crafted to steer those decisions, which is the indirect prompt injection risk named in this finding.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 09:49 PM