stealth-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's wrapper.js and SKILL.md explicitly show it navigates arbitrary public URLs (quickVisit/goto in wrapper.js and examples in SKILL.md), returns page HTML/title via getContent/getTitle and uses checkSuccess/evaluate to drive decisions, so untrusted third-party web content can be fetched and materially influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs running browsers with sandboxing disabled (--no-sandbox, --disable-setuid-sandbox) and references root paths, which encourages bypassing security protections and running privileged/insecure processes even though it doesn't ask to create users or edit system files.