javascript-surface-analyzer

Fail

Audited by Snyk on Mar 2, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires the output to include "secret_candidates" and "key/token candidates", together with header/token construction logic. Producing that output requires the model to surface secret values verbatim, so any channel the report travels through becomes an exfiltration path.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The document describes an explicitly offensive, dual-use methodology: it instructs analysts to extract "attacker-relevant intelligence", locate secret/token candidates, and build DOM-XSS, open-redirect and token-misuse probes that trigger hidden endpoints and abuse them. No explicit backdoor code is included, but the workflow directly supports credential theft, data exfiltration and targeted exploitation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow and inputs (e.g., target_url and seed_pages) explicitly require collecting and analyzing "static and dynamic script URLs" and the related source maps and chunk manifests from public websites. The agent therefore fetches and interprets untrusted third-party web content as part of its analysis, and any instructions embedded in that content reach the model as input (indirect prompt injection).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 2, 2026, 09:58 PM