opencli-usage

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The documentation describes deliberate capabilities to access authenticated browser sessions via an unpacked extension and an auto-starting local daemon, intercept and "record every API call", and "auto-probe PUBLIC → COOKIE → HEADER" (plus automation of actions like bulk messaging), which are explicit design elements that enable credential access, data exfiltration, and remote/automated account manipulation if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content (e.g., browser.md commands like opencli twitter thread / twitter reply, opencli reddit read, and opencli web read --url) and its AI Agent Workflow in plugins.md (opencli explore / synthesize / generate) states it analyzes and synthesizes pipelines from explored pages, so third‑party page content can materially influence subsequent tool actions.