connect-chrome

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly connects a live browser and runs $B goto (see Step 4 demo to https://news.ycombinator.com) and Step 5 describes a sidebar agent that " navigates pages, click[s] buttons, fill[s] forms, and read[s] content," so it will fetch and interpret arbitrary public web pages/user-generated content and act on them from SKILL.md workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup step conditionally runs curl -fsSL https://bun.sh/install | BUN_VERSION=1.3.10 bash at runtime to install bun (used to build the browse tool), which fetches and immediately executes remote code and is a required dependency for the skill's setup.