ultimate-browsing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This repository contains explicit credential-theft capabilities (local browser cookie extraction, OS keyring/DPAPI decryption, and CDP cookie injection) plus tooling and instructions to stealthily bypass WAFs and impersonate real browsers, which enable session hijacking and covert exfiltration/remote access and therefore represent high abuse potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Tier-1/1.5/2 runtime path ingests outsider-authored free text from the target URL itself (e.g., python3 -m engine "<URL>" → curl_cffi/Playwright fetches HTML/DOM text and returns it as FetchResult.content, which is then placed into the agent context); this is not user-authored and can include prompt-injection strings.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly installs and runs third‑party runtime tools (pip install cloakbrowser which downloads a CloakBrowser Chromium binary at runtime — https://github.com/CloakHQ/CloakBrowser — and npm i -g agent-browser which installs/executes the agent-browser CLI — https://github.com/vercel-labs/agent-browser), so these external URLs/packages are fetched during runtime and provide remote code the skill depends on.