browser
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill explicitly enables remote control of a user's real, authenticated Chrome sessions (access to cookies/logins), includes arbitrary in-page JavaScript execution (eval), and provides actions to read page content, discover input fields, type into and submit forms — all of which are high-risk capabilities that can be used to steal credentials, exfiltrate data, or act as a browser backdoor absent strict consent and safeguards.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open/goto arbitrary URLs and to extract page content via commands like
alma browser open/alma browser gotoandalma browser read/alma browser read-dom(see the Workflow and Available Commands), so the agent will ingest untrusted public web content that can materially influence subsequent clicks/typing/eval actions.
Audit Metadata