riddle

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This README/skill manifest describes a hosted browser plugin whose functionality legitimately requires sending URLs, Playwright scripts, and (optionally) authentication artifacts (cookies/localStorage/headers) plus an API key to a remote execution service (api.riddledc.com). The documented capabilities are consistent with the stated purpose, but the model requires trusting the remote service with potentially sensitive data. No explicit malicious code or obfuscation is present in this fragment, but the ability to transmit session tokens and page content to a third party is an inherent privacy/credential risk. Before use, the plugin implementation and the vendor's server behavior, retention policies, and allowlist enforcement should be audited.

LLM verification: No direct indicators of malware or intentional obfuscation were found in the provided documentation. The primary security risk is explicit: forwarding user-supplied authentication material and page content to a third-party hosted execution environment (Riddle) exposes secrets to that operator and infrastructure. The plugin appears functionally legitimate for automated browsing tasks, but it is unsuitable for high-sensitivity targets unless the operator and the plugin implementation are audited a

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 17, 2026, 05:39 PM
Package URL
pkg:socket/skills-sh/openclaw%2Fskills%2Friddle%2F@183882072d91ff7a205a2d225833bd5c978481af