lightpanda-browser
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs include direct nightly GitHub release binaries (curl + chmod +x) from an unfamiliar project with no signatures or provenance checks—an often-used vector for distributing malware—while the remaining links (docs, GitHub repos, example.com, and localhost CDP endpoints) are lower risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly shows fetching and scraping arbitrary public web pages (see "CLI Usage: Fetch a URL", the Playwright/Puppeteer examples, and the "Web Scraping Patterns" batch page fetching section) so the agent will ingest untrusted, user-generated third-party content that could influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill's install instructions fetch and run remote binaries (e.g., curl -L -o lightpanda https://github.com/lightpanda-io/browser/releases/download/nightly/lightpanda-x86_64-linux) and also reference git clone/docker image pulls (https://github.com/lightpanda-io/browser.git, lightpanda/browser:nightly), which download required code that will be executed—constituting a runtime external dependency that executes remote code.
Issues (3)
E005 CRITICAL: Suspicious download URL detected in skill instructions.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata