dev-browser
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The code is a legitimate browser-automation tool, but it contains several high-risk capabilities: persistent browser profiles; capture and storage of request headers and responses, including authentication headers; replay of requests inside an authenticated browser context; eval-based script injection into pages; and an HTTP/WebSocket relay that can expose browser control. Any of these can be abused for credential theft, data exfiltration, or remote control if the server or extension is exposed or misused.
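Two of the capabilities above (storing captured auth headers, and a relay that exposes browser control) have straightforward mitigations that a reviewer would look for. The following TypeScript is an added example written for this audit page; it is not code from dev-browser and does not reflect what the skill actually does. The `CapturedRequest` shape, the header and query-parameter lists, and the function names are assumptions chosen for illustration.

```typescript
// Added example, not part of dev-browser. Shows (1) redacting credential-bearing
// headers and URL secrets from captured requests before they are written to a
// persistent profile or log, and (2) refusing to bind a browser-control relay to
// anything but a loopback address. All names and shapes here are assumptions.

type CapturedRequest = {
  url: string;
  method: string;
  headers: Record<string, string>;
  body?: string;
};

// Header names that carry credentials; compared case-insensitively.
const SENSITIVE_HEADERS = new Set<string>([
  "authorization",
  "proxy-authorization",
  "cookie",
  "set-cookie",
  "x-api-key",
  "x-auth-token",
  "x-csrf-token",
]);

const REDACTED = "[REDACTED]";

// Query parameters that commonly carry bearer-style secrets (assumed list).
const SENSITIVE_QUERY_PARAMS = ["access_token", "refresh_token", "token", "api_key", "apikey"];
const QUERY_SECRET_RE = new RegExp(
  "([?&](?:" + SENSITIVE_QUERY_PARAMS.join("|") + ")=)[^&#]*",
  "gi"
);
// Matches "scheme://user:pass@" so embedded basic-auth credentials can be dropped.
const URL_USERINFO_RE = /^([a-z][a-z0-9+.-]*:\/\/)[^/@]*@/i;

function redactHeaders(headers: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of Object.keys(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? REDACTED : headers[name];
  }
  return out;
}

function redactUrl(url: string): string {
  return url.replace(URL_USERINFO_RE, "$1").replace(QUERY_SECRET_RE, "$1REDACTED");
}

// Returns a copy safe to persist; the original object is left untouched so the
// live, authenticated replay path can still use the real headers in memory.
function redactCapturedRequest(req: CapturedRequest): CapturedRequest {
  return { ...req, url: redactUrl(req.url), headers: redactHeaders(req.headers) };
}

// A relay that exposes browser control must never listen on a wildcard or
// LAN-reachable address; only loopback is acceptable without authentication.
function isLoopbackAddress(host: string): boolean {
  const h = host.trim().toLowerCase().replace(/^\[|\]$/g, "");
  return h === "localhost" || h === "::1" || /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

function checkRelayBind(host: string): string {
  if (!isLoopbackAddress(host)) {
    throw new Error(`refusing to bind browser-control relay to non-loopback address ${host}`);
  }
  return host;
}

// Constructed sample input for illustration.
const sample: CapturedRequest = {
  url: "https://user:pw@api.example.com/v1/items?limit=10&access_token=secret#frag",
  method: "GET",
  headers: {
    Authorization: "Bearer abc123",
    "Content-Type": "application/json",
    cookie: "session=xyz",
  },
};
const safe = redactCapturedRequest(sample);
console.log(JSON.stringify(safe, null, 2));
console.log("relay bind ok:", checkRelayBind("127.0.0.1"));
```

The split between `redactCapturedRequest` (what gets stored) and the untouched in-memory object (what replay uses) is the point: replaying inside an authenticated context does not require persisting the credentials that made the context authenticated.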
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The dev-browser skill explicitly navigates to and scrapes arbitrary web pages and APIs (for example, page.goto in SKILL.md, the scraping guide in references/scraping.md that captures and replays public API responses, and client.getAISnapshot()/page.evaluate() in src/client.ts), so it ingests untrusted third-party web content from user-supplied locations, content the agent is expected to read and interpret.
Audit Metadata