bb-browser

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk dual-use automation: the skill explicitly reuses a user's authenticated browser session to access private/internal pages and provides arbitrary in-page JS execution and data-extraction/screenshot capabilities, which enable credential theft and data exfiltration even though no explicit external backdoor code is shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to open arbitrary URLs and fetch page content (e.g., "bb-browser open ", "bb-browser snapshot -i", and "bb-browser eval 'document.body.innerText'") from public websites and user-generated pages, which the agent is expected to read and act on, allowing third-party content to influence subsequent actions.