steel-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). While docs.steel.dev and example.com are benign-looking, setup.steel.dev/install.sh is a direct shell installer and the skill explicitly instructs piping it to sh — executing remote .sh installers without review is a high-risk malware distribution pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and command references explicitly instruct the agent to fetch and interact with arbitrary external URLs (e.g., "steel scrape ", "steel browser navigate " and related extraction/interaction commands), meaning the agent will ingest untrusted public web content and act on DOM/text that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup instructs running a remote install script via curl -sSf https://setup.steel.dev/install.sh | sh which would fetch and execute remote code at runtime as a required dependency, so this URL is a high-risk runtime external dependency.