stealth-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed secrets verbatim (e.g., proxy URLs with user:pass and an Authorization Bearer header in a command), which encourages or requires the agent to output actual credential values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is explicitly designed to bypass anti-bot protections and enable scraping and automated access to protected sites (Cloudflare Turnstile, Datadome, Airbnb, Yelp); its instructions to use residential/mobile proxies to evade blocks, to save/export/import session cookies, and to automate interactive logins indicate intentional evasion of security controls and enablement of account/session reuse or takeover, which is abusive behavior with high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and scrape public third‑party webpages (e.g., using scripts/camoufox-fetch.py and curl-api.py against sites like https://www.airbnb.com and https://www.yelp.com) and to inspect page content (titles, form fields, keywords) to decide actions (session/login handling, bypass behavior), which clearly exposes it to untrusted user-generated web content that can influence tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly tells the user/agent to run commands requiring elevated privileges (e.g., "sudo dnf install gtk3 libXt") and to change file permissions/profiles (chmod, profile storage), which instructs modification of the host system state and thus should be flagged.