browser-cash

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs how to evade anti-bot protections and automate scraping via remote CDP sessions (including persistent profiles for logged-in state), which is high-risk enabling deliberate abuse (unauthorized data scraping/exfiltration and account misuse) even though it contains no hidden backdoor, obfuscated payload, or direct credential-exfiltration code paths.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs creating Browser.cash sessions (cdpUrl) and using Playwright/Puppeteer page.goto and scraping patterns to visit and extract content from arbitrary public websites (see "Create a Browser Session", "Using Browser.cash with Clawdbot" and "Scraping Tips"), which exposes the agent to untrusted third‑party web content that could contain indirect prompt injections.