browser-record

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly opens arbitrary URLs via mcp__claude-flow__browser_open and captures page state (browser_snapshot, optional full HTML dump/--with-dom and screenshots) from third‑party websites, which can supply untrusted/user‑generated content that may influence later actions in the recorded session.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes npx to fetch and run external npm packages at runtime (e.g., "npx -y ruvector@0.2.25" and "npx -y @claude-flow/cli@latest"), which executes remote code that the skill relies on for its operation.