camofox-browser

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These URLs point to a small, non‑widely‑known project (camoufox.com + GitHub repos) that instructs users to download and run large native browser binaries and third‑party plugins (via npm/make/docker), so although not clearly malicious, they present a meaningful risk because binaries are fetched and executed from relatively unestablished sources and third‑party GitHub installs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content documents an "anti-detection" browser server with explicit features for fingerprint spoofing, Cloudflare/Google-bypass, proxy/backconnect rotation, cookie import/export, VNC remote interactive login (with storage-state export), and a plugin system that runs third‑party post-install scripts and apt installs — collectively presenting strong, intentional capabilities for credential/session capture, covert remote access, network-based evasion, and supply‑chain / post-install code execution abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly browses and ingests open-web content that the agent is expected to read and act on (e.g., GET /tabs/:tabId/snapshot returns accessibility trees of arbitrary webpages, POST /tabs/:tabId/navigate supports search macros like @reddit_subreddit which fetches /r/<...>.json, and POST /youtube/transcript pulls YouTube captions via yt-dlp or a browser fallback) as described in the Core Agent Workflow and API docs, so untrusted third‑party content can materially influence the agent's next actions.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 02:32 PM
Issues: 3