Skills
skills/trotsky1997/my-claude-agent-skills/cursor-ide-browser-skills/Snyk

cursor-ide-browser-skills

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill prompt includes examples that embed plaintext credentials into commands (e.g., browser_type(..., text="pass")), which requires the agent to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and examples explicitly navigate to arbitrary public URLs (e.g., browser_navigate(url="https://www.baidu.com/...") in SKILL.md and references/examples.md), take accessibility snapshots, convert page content to Markdown and grep/query it, and then use extracted refs/text to drive clicks/typing—so untrusted, user-generated web content is fetched and directly influences automated actions.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 3, 2026, 09:14 AM