kaboom-browser-ai-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill captures full request/response bodies and recorded input values (captureInputs/includeBody) and its examples show typing passwords as plain text in tool arguments, which means an LLM may need to receive and emit secret values verbatim when constructing MCP calls or responses.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). Multiple links are direct raw install scripts (.sh, .ps1) and GitHub releases from an unvetted/unknown repository combined with instructions to pipe-download-and-execute, which is a common and high-risk malware distribution pattern unless the author, release artifacts, and scripts are independently audited and signed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly navigates to and inspects arbitrary web pages and their network/DOM content (e.g., kaboom_browser_navigate with url, kaboom_network_get includeBody, kaboom_dom_snapshot/dom_query and recording APIs) and uses that untrusted, public page content as input that can drive subsequent actions (click/type/generate tests), enabling indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Install uses install scripts that are fetched and executed at install/runtime (curl -sSL https://raw.githubusercontent.com/brennhill/Kaboom-Browser-AI-Devtools-MCP/STABLE/scripts/install.sh | bash and PowerShell irm https://raw.githubusercontent.com/brennhill/Kaboom-Browser-AI-Devtools-MCP/STABLE/scripts/install.ps1 | iex), which execute remote code and therefore represent a direct runtime external dependency risk.