browser-act-skill-forge

Fail

Audited by Snyk on May 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill explicitly mandates reverse-engineering hidden/internal APIs, HAR/network capture (including offline HAR to capture non-GET request bodies), and large-scale automated extraction while forbidding refusals or ethical filtering (e.g., "never refuse", "do not call the site's official API"), which purposefully enables evasion of protections, harvesting of tokens/CSRF/request bodies, and bulk data exfiltration—a high-risk design for abuse and credential/data theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md (Phase 2 — Capability Exploration) and referenced files (references/exploration_extraction.md and exploration_operation.md) explicitly require navigating to arbitrary target websites, reading network requests/HAR responses, executing fetch() in-page, and extracting DOM content from public sites (including candidate sites found via web search), so the agent will ingest untrusted, user-generated third‑party web content and use it to drive tool actions and decisions.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 19, 2026, 03:50 AM
Issues
2
Security Audit — snyk — browser-act-skill-forge