browser-automation

Fail

Audited by Socket on Feb 22, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1]

The package and documentation describe a powerful browser-automation tool that intentionally leverages existing Chrome sessions and broad browser privileges. The design is functionally coherent but high risk: it enables credential-bearing requests, access to history/bookmarks, network capture, and exposes sensitive browser data to connected AI clients. I found no explicit embedded malware signs in the documentation, but the combination of required privileges and installation of native/unpacked components creates a moderate-to-high supply-chain and data-exfiltration risk. Strong mitigations (least privilege, authenticated clients, explicit user consent, reproducible builds, and independent code review) are recommended before trusting this tooling.

LLM verification: This skill's stated purpose (control existing Chrome browser for automation, using existing login sessions) is coherent with the capabilities described. However, it carries meaningful supply-chain and data-exfiltration risk: installation requires running a third-party npm package and loading an unpacked Chrome extension from GitHub Releases (download-and-install), the bridge/extension can access cookies, history, bookmarks and network traffic, and multi-client support means browser-derived sensi

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 22, 2026, 07:31 AM
Package URL
pkg:socket/skills-sh/femto%2Fskills%2Fbrowser-automation%2F@a26be2b16c0fcdfe7c9f3f93ac584111dcabc181