shopping-admin-browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and requires passing plaintext admin usernames/passwords as command-line arguments and in tool calls (e.g., "python admin_login.py ... admin1234" and type_text with text='admin'), which forces the agent to include secret values verbatim in generated commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The package exposes an unauthenticated local Unix socket that accepts arbitrary code and uses eval/exec on incoming commands (allowing remote code execution as the server user), plus it runs external npm tooling via npx and exposes a debugpy listener — together these create a high-risk RCE/backdoor and supply-chain vector despite no obvious external exfiltration code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill provides browser navigation and snapshotting of arbitrary URLs (e.g., BrowserTools.navigate() and snapshot() in scripts/utils.py, run_browser_ops.py -c which sends commands to browser_server.py, and browser_server.execute_command), allowing the agent to fetch and read arbitrary public web pages whose content is untrusted and could contain injected instructions.