generate-marketing-screens

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to request and use user-provided credentials or session tokens (including embedding them in navigation/typing actions), which forces the LLM to handle secret values verbatim and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill navigates to and inspects user-provided public websites using Playwright commands (browser_navigate, browser_snapshot, browser_evaluate) and uses the page content to generate screenshots and Product Hunt copy, so it ingests arbitrary third‑party web content from the provided public URL.