stealth-browser

Fail

Audited by Snyk on Apr 21, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill asks the user to supply CAPTCHA API keys and proxy credentials and includes examples that embed plaintext secrets (e.g., proxy URLs, API keys, and a hardcoded password), which would require the agent to accept and/or output secret values verbatim—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and fetches arbitrary public URLs and webpage content (see SKILL.md "Quick Login Workflow" and scripts such as scripts/stealth_session.py, scripts/cf_bypass.py, scripts/login_session.py, and scripts/smart_login.py), inspects page HTML/URLs and elements, and then uses that information to decide actions (switch to headed mode, solve CAPTCHAs, click/login, save/load sessions), so untrusted third‑party content can directly influence tool use and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs bypassing security mechanisms (e.g., launching browsers with --no-sandbox), running persistent containers, and storing secrets/sessions on the host, which encourages compromising the machine's security state.

Issues (3)

W007 (HIGH): Insecure credential handling detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 21, 2026, 07:13 PM
Issues: 3