Missing User Warnings
Medium
- Confidence: 95%
- Finding: The skill automates a logged-in Chrome session via the DevTools Protocol, navigates the user's browser, enumerates content from another account, and writes scraped text/images to local disk, but it does not present an explicit security warning or require informed consent for these sensitive actions. This is dangerous because CDP access effectively inherits the user's authenticated browser context and can access or act on session-scoped data beyond what a normal unauthenticated script could do.
