teach-web-actions

Warn

Audited by Snyk on Jul 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Phase 2 reads session.har (captured from the user-driven browser session, which includes outsider-authored page/network response text) and process_har.py decodes and summarizes response bodies into LESSON.md/lesson.json, which then become LLM-readable context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.85). The skill's scripts install and invoke Playwright at runtime (via npm / npx), which will download and execute remote packages such as https://registry.npmjs.org/playwright/-/playwright-1.61.1.tgz (seen in scripts/package-lock.json), and the runtime behavior of the skill depends on that fetched code.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 8, 2026, 03:28 AM
Issues
2
Security Audit — snyk — teach-web-actions