teach-web-actions
Warn
Audited by Snyk on Jul 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Phase 2 reads
session.har(captured from the user-driven browser session, which includes outsider-authored page/network response text) andprocess_har.pydecodes and summarizes response bodies intoLESSON.md/lesson.json, which then become LLM-readable context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.85). The skill's scripts install and invoke Playwright at runtime (via npm / npx), which will download and execute remote packages such as https://registry.npmjs.org/playwright/-/playwright-1.61.1.tgz (seen in scripts/package-lock.json), and the runtime behavior of the skill depends on that fetched code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata