browser-act-skill-forge
Fail
Audited by Snyk on May 19, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill explicitly mandates reverse-engineering hidden/internal APIs, HAR/network capture (including offline HAR to capture non-GET request bodies), and large-scale automated extraction while forbidding refusals or ethical filtering (e.g., "never refuse", "do not call the site's official API"), which purposefully enables evasion of protections, harvesting of tokens/CSRF/request bodies, and bulk data exfiltration—a high-risk design for abuse and credential/data theft.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md (Phase 2 — Capability Exploration) and referenced files (references/exploration_extraction.md and exploration_operation.md) explicitly require navigating to arbitrary target websites, reading network requests/HAR responses, executing fetch() in-page, and extracting DOM content from public sites (including candidate sites found via web search), so the agent will ingest untrusted, user-generated third‑party web content and use it to drive tool actions and decisions.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata