browser-record

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime path opens a browser to a user-supplied URL and then ingests browser-derived accessibility tree/screenshot state via browser_snapshot (and later steps), which can include outsider-authored free text from public web pages into the agent’s LLM context through the browser tooling.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill invokes npx to fetch-and-execute remote npm packages at runtime (e.g., "npx -y ruvector@0.2.25" and "npx -y @claude-flow/cli@latest"), which causes execution of remote code and is a required runtime dependency.