CtrlK
BlogDocsLog inGet started
Tessl Logo

setup-browser-cookies

Import cookies from your real Chromium browser into the headless browse session. Opens an interactive picker UI where you select which cookie domains to import. Use before QA testing authenticated pages. Use when asked to "import cookies", "login to the site", or "authenticate the browser". (gstack)

Invalid
This skill can't be scored yet
Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →
SKILL.md
Quality
Evals
Security

Security

2 findings — 1 critical severity, 1 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E004: Prompt injection detected in skill instructions

What this means

Detected a prompt injection in the skill instructions. The skill contains hidden or deceptive instructions that fall outside its stated purpose and attempt to override the agent’s safety guidelines or intended behavior.

Why it was flagged

Potential prompt injection detected (high risk: 0.90). The skill embeds many explicit but out-of-scope operational instructions (telemetry/analytics, artifact sync that can publish to GitHub, automated edits/commits to CLAUDE.md, vendoring migration, config changes and prompts) that go far beyond "import browser cookies" and instruct the agent to alter project state or opt into data sharing, so it contains deceptive/out-of-scope instructions acting as a prompt injection.

Report incorrect finding
Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime setup path that downloads and executes a remote installer script via curl -fsSL "https://bun.sh/install" -o "$tmpfile" followed by bash "$tmpfile", which fetches and runs remote code during skill execution.

Report incorrect finding
Repository
garrytan/gstack
Commit

7b4738b

Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill