test-web-ui
Fail
Audited by Snyk on Apr 3, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to "ask user for test credentials" and includes CLI/Playwright examples (e.g., fill/type commands) that would require embedding those credentials verbatim into generated commands or scripts, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates and crawls arbitrary public URLs and ingests page content to drive discovery, generate test plans, and perform automated interactions (see SKILL.md discovery/execution steps and the runtime behavior in scripts/discover.py and scripts/run_tests.py), which exposes the agent to untrusted third‑party web content that can influence its actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata