anything-analyzer-cdp

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a codebase from a third-party GitHub repository (github.com/MouseWW/anything-analyzer.git) that is not owned by the skill's author or a trusted organization.
  • [REMOTE_CODE_EXECUTION]: The installation process requires running 'pnpm install' and 'pnpm build' on the cloned repository, which executes lifecycle scripts from unverified source code, potentially leading to a machine compromise.
  • [DATA_EXFILTRATION]: The application captures and transmits sensitive authentication data (cookies, auth headers, and passwords from registration flows) to external AI providers such as OpenAI and Anthropic. While this is the stated purpose of the tool, it represents a significant data privacy risk.
  • [COMMAND_EXECUTION]: The skill utilizes Chrome DevTools Protocol (CDP) to dynamically inject JavaScript into the browser to override sensitive APIs like fetch, XMLHttpRequest, and crypto.subtle for monitoring purposes.
  • [PROMPT_INJECTION]: The skill processes untrusted web traffic and interpolates it into prompts without sufficient sanitization, exposing the system to indirect prompt injection where malicious website content could manipulate the AI's analysis.
      • Ingestion points: Captured network requests, response bodies, and JS hook events from the browser session.
      • Boundary markers: Minimal markers like markdown bolding and horizontal rules are used in src/main/ai/prompt-builder.ts, which may not prevent the AI from following instructions embedded in the captured data.
      • Capability inventory: The AI output is used to generate markdown reports for the user within the Electron environment.
      • Sanitization: No sanitization, escaping, or filtering of the captured web content is performed before it is included in the LLM prompt.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 13, 2026, 05:31 PM