run-agent-browser

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document exposes multiple explicit high-risk capabilities — arbitrary in-page eval (including base64-encoded payloads), network interception/routing, cookie/storage/state manipulation, remote-debugging/auto-connect and WebSocket streaming (remote input), loading arbitrary extensions or executables, proxy rotation, and detailed stealth/anti-detection guidance — which together enable credential theft, data exfiltration, remote control/backdoor behavior, and deliberate evasion of detection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to navigate and fetch arbitrary web pages (e.g., "agent-browser open " and use of "snapshot -i", "get text", and "eval --stdin") as shown in SKILL.md and references/commands.md/workflows.md, so it clearly ingests untrusted public third‑party content and uses that content to drive subsequent actions.