browser

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill documentation explicitly advertises capabilities to bypass bot defenses (automatic CAPTCHA solving, anti‑bot stealth, residential proxies), remote session persistence/contexts that can store and resume authenticated sessions, in‑page JS eval and network capture — a combination that strongly facilitates deliberate abuse (large‑scale scraping, credential harvesting, session hijacking, and covert data exfiltration) even though the files shown contain no obfuscated backdoor code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens arbitrary URLs and ingests page content (e.g., SKILL.md and EXAMPLES.md show commands like "browse open ", "browse snapshot", "browse get text 'body'" and examples that parse page text and switch modes based on page content such as Cloudflare interstitials), so it will read and act on untrusted public web content that could contain instructions influencing subsequent actions.