website-login
Audit result: Fail
Audited by Snyk on Apr 18, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to copy and emit ephemeral pairing secrets (pair_key, cli_public_key_fingerprint, jump_link, and qr_text) verbatim from CLI/JSON output into its reply, which are sensitive tokens that would expose credentials/session data if leaked.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Multiple direct downloads point to prebuilt ZIP binaries from a relatively unknown GitHub user (Lakr233) and an unfamiliar domain (api.cookey.sh), which is a common high-risk pattern for malware distribution unless you verify the repo's authenticity, release signatures/checksums, or build from source.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly starts Cookey requests for arbitrary target URLs (see SKILL.md commands like "cookey request start https://github.com/login" and guidance to "load it in Playwright" with page.goto), exports Playwright storageState from those public sites, and uses that state to navigate/interact with open web pages—so it ingests and acts on untrusted third-party web content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing prebuilt Cookey binaries from GitHub (e.g. https://github.com/Lakr233/Cookey/releases/latest/download/cookey-macOS.zip and the corresponding Linux download URLs), which are fetched and executed as a required runtime dependency (remote executable code), creating a risk of executing untrusted remote code.
Issues (4)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata