auth-flow-operator
Fail
Audited by Snyk on Mar 2, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill asks the agent to use known_credentials, perform logins, and record session artifacts (tokens/cookies) and account details, which inherently requires transmitting or storing secret values unless a secure, non-outputting mechanism is enforced, so it risks verbatim secret handling.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill actively fetches and interprets content from a user-supplied target_url (see Workflow Phase 1: Route Discovery and Phases 2–5), reading login/registration pages and API responses from arbitrary third‑party sites and using that content to drive authentication decisions and subsequent actions, which could allow indirect prompt injection.