Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly offers arbitrary URL visitation and screenshot capture, which can expose sensitive internal pages, authenticated sessions, personal data, or confidential business information if invoked without clear guardrails or user warnings. In a browser automation context, unrestricted navigation increases the chance of SSRF-like access to internal resources and unintended collection of sensitive visual data.
