frevana

Fail

Audited by Snyk on Apr 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill explicitly reuses the user's logged-in Chrome sessions to scrape paywalled/authenticated pages and can batch-extract and publish content to social platforms — a high-risk capability for data exfiltration and unauthorized account actions (no direct backdoor/RCE or obfuscated payloads are shown, but the designed features intentionally enable credential/session misuse and mass scraping/publishing abuse).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly directs the agent to call mcp__frevana__frevana_scrape (provider: "url") to scrape any web page (examples include scraping https://news.ycombinator.com), which fetches arbitrary public/user-generated content that the agent is expected to read and act on as part of its workflow, enabling indirect prompt injection.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 14, 2026, 05:05 AM
Issues: 2