lightpanda-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most links are benign/local/placeholders or official project pages, but the prompt explicitly tells users to curl|bash a raw install.sh from an unverified GitHub user (https://github.com/nichochar/install-lightpanda/raw/main/install.sh) — a direct, executable script from an external account and an instruction to run it is a high-risk malware distribution pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and scrapes arbitrary external URLs (e.g., agent-browser --cdp ... open and $LP get text body) as shown in SKILL.md and templates/parallel-extract.sh and templates/scrape-session.sh, meaning untrusted public webpage content is fetched and parsed and can drive subsequent interactions (snapshots, clicks, fills), creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions include a direct shell execution of remote code via "curl -fsSL https://github.com/nichochar/install-lightpanda/raw/main/install.sh | bash" (and alternative remote-code fetches like git clone https://github.com/lightpanda-io/browser.git and docker pull lightpanda/browser:latest), which if run during setup/runtime will fetch and execute external code that the skill depends on—posing a clear execution risk.