AGENT LAB: SKILLS

agentation-self-driving

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

The skill is coherent with its stated purpose: it needs and uses broad DOM inspection and coordinate-based interactions to create visible annotations. I found no direct evidence of obfuscated or intentionally malicious code, hardcoded secrets, or external downloads. The main risk is privacy/exfiltration: the automation reads arbitrary page DOM and snapshot contents (which may include sensitive data), and the documented Two-Session/MCP flow can forward annotations to a listening agent/process whose destination is not specified. That forwarding path is the primary place where sensitive data could leave the host. Overall, the skill appears functionally legitimate for UI critique but carries moderate privacy risk if used on sensitive pages or connected to remote agents.

LLM verification: The skill's behavior and instructions match its stated purpose (visual UI annotation using a headed browser and the Agentation toolbar). I found no direct indicators of malware or deliberate backdoor functionality in the provided file. The primary risks are: (1) supply-chain risk from an unpinned npm install instruction; (2) privacy/data-exposure risk because snapshots and arbitrary eval can capture sensitive page content and there is no guidance to redact; (3) brittle coordinate-based interacti

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 15, 2026, 08:42 PM
Package URL: pkg:socket/skills-sh/benjitaylor%2Fagentation%2Fagentation-self-driving%2F@bbf519c3583376c27845a74212a53e5bcba6818e