reflex-browser
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example that embeds an auth token on the command line (
npm config set ...:_authToken "YOUR_DEPLOY_TOKEN"), which is an insecure pattern that would require the agent to insert or echo secret values verbatim into commands/outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and inspect arbitrary public web pages (e.g., SKILL.md "Discovery Before Capability Audits: start with the target page:
start->open->summary" and examples likereflex browser open "<careers-url>"/open "<target-url>"), meaning the agent will ingest untrusted third-party page content and use it to drive subsequent actions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata