use-session-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read full request/response bodies (and storage/cookies) and to use response.content.text and storage data as mock data in tests, which can require embedding real secrets (cookies, tokens, API keys) verbatim into generated code or commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to download Meticulous session data (via npx @alwaysmeticulous/cli ... into .meticulous/sessions/) and to read files like user-events.json and network-requests/<order>.json (including response.content.text), which are untrusted, third-party/user-generated recordings and responses that the agent is expected to interpret and could materially influence testing decisions—so it exposes the agent to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill invokes "npx @alwaysmeticulous/cli" which fetches and executes remote package code from the npm registry at runtime (npx @alwaysmeticulous/cli), so it relies on external code that is executed during the skill's operation.