chrome-relay

Fail

Audited by Snyk on May 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill is high-risk: it intentionally enables stealthy background control of a user's real Chrome session (including access to authenticated state), arbitrary JS execution in page context (Runtime.evaluate), DOM scraping, authenticated fetches, input automation, and screenshots — all of which can be used for data exfiltration, credential theft, and covert account manipulation even if the package itself is not explicitly malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to navigate arbitrary web pages and use commands like read --tab <id> -i, js (including fetch), and subsequent click/fill/type actions on content from public sites (mentions LinkedIn, Reddit, X), so untrusted third-party page content can be read and directly influence the agent's actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 10, 2026, 06:50 PM
Issues: 2