captcha-solver

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's setup example instructs storing the 2Captcha API key by passing the secret directly on the command line (--value <your_key>), which requires handling/outputting the secret verbatim and is an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill uses the browser_subagent to interact with arbitrary web pages (detecting "I'm not a robot" challenges) and may ingest/read page content or screenshots from untrusted public sites (and optionally send them to the 2Captcha third‑party API), so it consumes untrusted third‑party content as part of its workflow.