lightpanda-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The set includes a direct raw install script served from a third-party GitHub user (https://github.com/nichochar/.../install.sh) which is invoked via curl|bash (high-risk), while the rest are mostly local endpoints, placeholder/example sites, or the official lightpanda-io GitHub/docs (lower risk); the presence of that unaudited installer makes the collection moderately risky.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and scrapes arbitrary public URLs (e.g., the "agent-browser --cdp 9222 open " commands in SKILL.md and the templates/scrape-session.sh and templates/parallel-extract.sh which read user-supplied URL(s)) and then parses/acts on page content via snapshot/get text/fill/click, meaning untrusted third‑party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's install instructions include a runtime-executed remote script ("curl -fsSL https://github.com/nichochar/install-lightpanda/raw/main/install.sh | bash") (and alternative git clone https://github.com/lightpanda-io/browser.git) which fetches and executes external code that the skill depends on to run.