webfetch-plus
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches arbitrary public URLs (SKILL.md shows piping a URL into bin/wfp.sh, and runtime/webfetch-plus.mjs calls page.goto(options.url)), extracts the page text and metadata, and writes them out. The required failure workflow (attempt_*.metadata.json and the SKILL.md retry steps) uses the page-derived "suggestion" to adjust retry parameters, so untrusted third-party page content can directly influence tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). At runtime, bin/wfp.sh may run npm install --prefix runtime/node, which fetches and installs remote npm packages from the npm registry (for example https://registry.npmjs.org/cloakbrowser/-/cloakbrowser-0.3.28.tgz and https://registry.npmjs.org/playwright-core/-/playwright-core-1.60.0.tgz). Those packages are required dependencies and will execute code when imported or used by the skill.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).