scrapling
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs replacing template parameters with user-provided cookies and saving/rehydrating those cookies in a cookie vault (and generating and executing scripts that likely embed the cookie values), which requires the LLM to handle and output secret values verbatim: the session cookies pass through the model's context and its generated output rather than staying in a runtime-only store.
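The following is an added example, not code from the scrapling project or from the Snyk report, showing the pattern W007 flags beside a safer alternative: the flagged pattern fills a script template with the raw cookie value, so the model must see and emit the secret; the alternative hands the model only an opaque handle, and the runtime resolves that handle from a local vault immediately before the request. The names `COOKIE_VAULT`, `vault_put`, `resolve_cookies` and the template strings are this example's own assumptions; scrapling exposes nothing by these names, and the cookie values are placeholders.

```python
"""Keep cookie values out of the text an LLM sees or emits (added example)."""
import json
import os
import re
import secrets
import tempfile

# Constructed sample cookies: placeholder values, not real credentials.
SAMPLE_COOKIES = {"sessionid": "s3cr3t-session-value", "csrftoken": "abc123"}

PLACEHOLDER_RE = re.compile(r"\{\{(\w+)\}\}")

# --- Flagged pattern: the script text carries the secret verbatim --------
INSECURE_TEMPLATE = 'Fetcher.get(URL, cookies={"sessionid": "{{sessionid}}"})'

def render_insecure(template: str, cookies: dict) -> str:
    """Substitute raw cookie values into the script; the model must output them."""
    return PLACEHOLDER_RE.sub(lambda m: cookies[m.group(1)], template)

# --- Safer pattern: the script text carries only an opaque handle --------
HARDENED_TEMPLATE = 'Fetcher.get(URL, cookies=resolve_cookies(VAULT, "{{handle}}"))'
HANDLE_RE = re.compile(r"^vault:[0-9a-f]{32}$")

def _load(vault_path: str) -> dict:
    if not os.path.exists(vault_path):
        return {}
    with open(vault_path) as fh:
        return json.load(fh)

def vault_put(vault_path: str, cookies: dict) -> str:
    """Store cookies in a 0600 file and return a handle that reveals nothing."""
    handle = "vault:" + secrets.token_hex(16)
    store = _load(vault_path)
    store[handle] = cookies
    fd = os.open(vault_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(store, fh)
    return handle

def render_hardened(template: str, handle: str) -> str:
    """Only the handle is substituted; no cookie value enters the script text."""
    return PLACEHOLDER_RE.sub(lambda m: handle if m.group(1) == "handle" else m.group(0), template)

def resolve_cookies(vault_path: str, handle: str) -> dict:
    """Resolve a handle at request time; refuse anything that is not a handle,
    so a literal cookie value smuggled into the script is rejected, not used."""
    if not HANDLE_RE.match(handle):
        raise ValueError("expected a vault handle, refusing to use a literal value")
    return _load(vault_path)[handle]

def secret_leaked(text: str, cookies: dict) -> bool:
    """True if any cookie value appears verbatim in text the model would handle."""
    return any(v in text for v in cookies.values())

def demo() -> dict:
    """Compare both renderings; returns the leak check results and a round-trip."""
    vault = os.path.join(tempfile.mkdtemp(), "cookie-vault.json")  # hypothetical path
    handle = vault_put(vault, SAMPLE_COOKIES)
    insecure = render_insecure(INSECURE_TEMPLATE, SAMPLE_COOKIES)
    hardened = render_hardened(HARDENED_TEMPLATE, handle)
    try:
        resolve_cookies(vault, SAMPLE_COOKIES["sessionid"])
        literal_rejected = False
    except ValueError:
        literal_rejected = True
    return {
        "insecure_leaks": secret_leaked(insecure, SAMPLE_COOKIES),   # True
        "hardened_leaks": secret_leaked(hardened, SAMPLE_COOKIES),   # False
        "roundtrip_ok": resolve_cookies(vault, handle) == SAMPLE_COOKIES,
        "literal_rejected": literal_rejected,
    }

if __name__ == "__main__":
    print(demo())
```

The point of `resolve_cookies` refusing non-handles is that the generated script cannot fall back to embedding a value even if the model is talked into it; the vault file is the only place the secret lives, and the model transcript never contains it.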
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and executes against arbitrary user-provided public URLs (see SKILL.md "Use when: the user provides a URL and asks for the page content or specific elements", translated from the original Chinese, and templates such as templates/basic_fetch.py, templates/stealth_cloudflare.py and templates/session_login.py, which call Fetcher/StealthyFetcher/FetcherSession). Its workflow requires reading site content and site-patterns.md ("consult before every fetch", translated) to choose fetchers and follow-up actions, so untrusted third-party page content can directly influence tool use and the agent's next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime templates call StealthyFetcher/DynamicFetcher to fetch and render arbitrary external URLs (e.g., https://protected.example.com, shown in the README and in templates/stealth_cloudflare.py). Rendering runs the remote page's JavaScript in a headless browser during skill runtime, so the skill executes remote code that neither the skill author nor the user has verified.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).