just-scrape

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and flags that embed API keys, cookies, Authorization headers, and plaintext passwords directly in command arguments (e.g., --cookies '{"session":"abc123"}', --headers '{"Authorization":"Bearer token"}', "Fill password with secret"), which would require the agent to include secret values verbatim in generated commands and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the CLI fetches and processes arbitrary public URLs (e.g., commands like just-scrape smart-scraper , search-scraper , markdownify , crawl , scrape , and agentic-scraper ) to extract or act on web content, meaning untrusted third-party pages can be ingested and influence the agent's extraction/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The CLI fetches arbitrary external webpages at runtime (e.g., target URLs such as https://example.com or https://store.example.com) and injects their scraped content into the AI extraction/prompt context, so remote content can directly influence the agent's prompts/results.