Midscene Browser Automation

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The code is not an obvious backdoor or obfuscated malware, but it exposes high‑risk data‑exfiltration vectors—automatic sending of screenshots/page content to external AI model endpoints (including user-configurable/custom endpoints), instructions to copy .env/API keys, and persistent Chrome profiles with cookies/passwords/downloads/screenshots—so it could easily leak credentials or sensitive data if misconfigured or abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and scrapes arbitrary public websites (e.g., news.ycombinator.com, Google search results, social media posts, example.com) using the navigate/query/act commands and uses AI to read and extract page content, so it ingests untrusted, user‑generated third‑party content for interpretation.