Context-Inappropriate Capability
High
- Confidence
- 97% confidence
- Finding
- The code starts or attaches to Chrome with the remote debugging port enabled and then connects via Puppeteer, which grants broad control over the user's browser context, cookies, tabs, and authenticated sessions. In this skill, that access is not narrowly scoped and is used against an existing profile, making it dangerous if run without explicit informed consent.
