auth-sniffer

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill explicitly extracts browser cookies/localStorage/sessionStorage auth values and returns them in its structured JSON output, forcing the agent to handle and potentially emit secret tokens verbatim (high exfiltration risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill intentionally terminates and relaunches users' browsers with a CDP (remote-debugging) session to read cookies, localStorage and sessionStorage auth values — behavior that is credential theft/data exfiltration and poses a high risk of malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly launches a CDP browser and extracts cookies, localStorage, and sessionStorage keys for arbitrary domains (see SKILL.md step 5 and flowmind.smart.md "Run extraction queue for requested cookie/localStorage/sessionStorage keys"), which are untrusted third-party values originating from public websites that the agent ingests and can influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to kill and relaunch browser processes (changing runtime system state) and to extract cookies/localStorage/sessionStorage (exfiltrating sensitive auth data), which actively manipulates the host and enables credential theft, so it does push the agent to compromise the machine state.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 21, 2026, 06:48 PM
Issues: 4