browse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim (e.g., fill e2 "password123", cookie-set session_id abc123), which instructs the agent to output or include secret values directly and thus presents an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and scrapes arbitrary public websites (via commands like "npx @playwright/cli open/goto/tab-new" and examples in references/running-code.md and references/session-management.md), and uses page content (page.content(), locator text, generated test code, and run-code examples) to drive subsequent actions, so untrusted third‑party pages can materially influence agent behavior.