shopping-browser-automation

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The code exposes remote code execution and arbitrary-eval vectors: browser_server accepts JSON commands over a Unix socket and uses eval()/exec() to run received code (and run_standalone similarly evals user-provided code), which creates a high-risk backdoor/RCE possibility (allowing data exfiltration or system compromise even though no explicit external exfiltration URL is present).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill allows navigating to arbitrary public URLs and capturing/processing page content (e.g., BrowserTools.navigate, BrowserTools.tab_new, BrowserTools.snapshot, BrowserTools.run_code and run_browser_ops/browser_server), so it clearly fetches and ingests untrusted third-party web content that the agent reads and acts on.