browser-replay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and replays sessions against live target URLs (Step 3: "Open a fresh browser" with target URL = original or --url override) and dispatches browser actions (click/fill/eval) based on the page DOM and recorded trajectories, meaning it fetches and interprets untrusted public web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx to fetch and run remote npm packages at runtime (e.g., "npx -y ruvector@0.2.25 rvf status" and "npx -y @claude-flow/cli@latest memory search"), which downloads and executes code from the npm registry that the skill relies on, so this is a runtime remote-code dependency.