cookie-sync

Fail

Audited by Snyk on Mar 25, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The script intentionally exports full browser cookies from local Chrome and uploads them to a remote Browserbase context (a persistent, keep-alive session). This is deliberate sensitive-data exfiltration that can be abused (e.g., if an attacker supplies or controls the API key, or convinces a user to run it), though there is no obfuscated or backdoor code and no remote-exec payload in the repo.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) and examples (EXAMPLES.md) explicitly instruct the agent to open and navigate arbitrary public websites (e.g., https://mail.google.com, https://github.com/notifications, x.com/twitter pages) in a cloud browser after syncing cookies. As a result, it fetches untrusted, user-generated third-party content as part of runtime operations, and that content can influence subsequent tool actions (navigation, screenshots, session interactions).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 25, 2026, 08:17 PM
Issues: 2