screenshot-codex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow requires the agent to open an arbitrary initial URL (the parameter) and navigate pages on the open web, meaning it will fetch and interpret untrusted public web content that can influence navigation and screenshot actions and thus enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs a remote npm package at runtime via "bunx @willbooster/agent-skills@latest" which fetches and executes remote code (and could therefore control agent behavior), so the external package reference @willbooster/agent-skills@latest is a risky runtime dependency.