Skills
skills/sickn33/antigravity-awesome-skills/go-rod-master/Snyk

go-rod-master

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md and included examples (e.g., examples/basic_scrape.go and examples/concurrent_pages.go) explicitly instruct the agent to navigate to and scrape arbitrary external websites via calls like page.MustNavigate(...) and browser.MustPage(...), extract and interpret page content, and make decisions (race selectors, hijack handlers, extracted titles) based on that untrusted third‑party content, which enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill documentation and examples show runtime fetching/execution of remote code—specifically the Go module reference "github.com/nichochar/go-rod.github.io/cmd/launcher@latest" (via the suggested go run) and the launcher call launcher.NewBrowser().MustGet() which auto-downloads and later launches a Chromium binary—so the skill will fetch and execute external binaries/code at runtime.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 01:18 PM