browser-use

Fail

Audited by Socket on Feb 20, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The skill/documentation is broadly benign and aligned with its stated purpose of browser automation for testing, form filling, screenshots, and data extraction. It presents legitimate, feature-rich workflows (including authenticated browsing and cloud/task orchestration) but includes high-sensitivity data flows (cookies, profiles) that require careful handling and explicit user consent in practice. No clear malicious activity detected within the fragment itself.

LLM verification: The skill is a capable browser automation CLI with legitimate uses, but it exposes multiple high-privilege capabilities that materially increase supply-chain and privacy risk: copying real Chrome profiles, unrestricted cookie access, arbitrary JS eval, and cloud-based execution. The fragment does not document safeguards (confirmation prompts, scoping, telemetry controls, or cloud data policies). I do not find direct evidence of malware or obfuscation in the provided text, but the combination of

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 20, 2026, 07:11 AM
Package URL: pkg:socket/skills-sh/Jackiexiao%2Fjackie-skills-everyday%2Fbrowser-use%2F@d0808090478b3dfbdc80f14125eff37e5e9da7e9