reddit-browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and usage patterns that pass passwords (and could pass other secrets) directly as command-line arguments or text fields (e.g., "SecurePass123!" and python sign_up.py ), which requires the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The code exposes a Unix-socket‑backed browser server that evals/ecexs exec-style input from clients (and the run-time also evals code strings), allowing arbitrary code execution via the socket (and thus potential credential/data exfiltration and system compromise); combined with pulling remote MCP packages via npx this is a high-risk pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to arbitrary web content because its BrowserTools.navigate and snapshot methods (in scripts/utils.py) and the run_browser_ops.py / browser_client.py tooling allow navigating to arbitrary URLs and capturing page snapshots, console messages, and network requests, so the agent will fetch and read untrusted public/user-generated web pages.