grabber-development
Fail
Audited by Snyk on May 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly directs the agent to intercept network traffic and "generate curl_cffi replay code" and to check/include cookies like cf_clearance/px/DataDome, which would require embedding captured Authorization headers, cookies, or tokens verbatim into generated commands—an exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is a high-risk, highly actionable evasion and reconnaissance manual—providing step-by-step techniques to bypass anti-bot systems (Patchright, Camoufox, Nodriver), spoof TLS/HTTP fingerprints (curl_cffi/primp), extract and replay session tokens (cf_clearance and intercepted APIs), automate CAPTCHA solving, perform GraphQL persisted-query probing, and use residential/mobile proxy escalation and behavioral simulation—capabilities that clearly facilitate unauthorized data access, credential/session theft, and circumvention of access controls.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md core workflow explicitly instructs the agent to "Load the target URL in a stealth browser" and "Navigate the site with Playwright/Patchright" to intercept and extract data from arbitrary target webpages (Data Discovery / Target Assessment), which requires fetching and interpreting untrusted public third‑party content that can alter subsequent tool use and decisions.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).