browser-use

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.85). The skill exposes high-risk capabilities that can be deliberately abused to exfiltrate credentials/session tokens and enable remote/automated control—notably cloud profile syncing and cookie export/import, use of the user's real Chrome profiles, and arbitrary JS/Python evaluation and autonomous agent tasks—so while the doc itself isn't obfuscated malware, the features are powerful primitives for intentional credential theft and remote data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and interacts with arbitrary public URLs (e.g., "browser-use open " in the Core Workflow) and exposes commands that fetch and interpret page content ("browser-use get html", "browser-use get text", "browser-use extract", and autonomous agent tasks via "browser-use run") so untrusted third-party web content can be read and acted on.