web-validation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes code and shell examples that embed plaintext credentials (hardcoded email/password and export TEST_PASSWORD="..."), which instructs the agent to include secret values verbatim in commands/code — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill renders and analyzes arbitrary web pages supplied via validate_url / the CLI (e.g., python lib/web_page_validator.py URL and validate_pages_with_auth) and even injects third‑party scripts (e.g., axe-core from https://cdnjs.cloudflare.com), so the agent will fetch and interpret untrusted public web content (HTML, console logs, and resources).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill largely performs safe web validation tasks but explicitly suggests bypassing security (e.g., "Run as administrator or disable antivirus temporarily") which encourages privilege escalation or disabling protections, so it can push the agent to compromise the host.