crawl-site

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly tells the agent to set customCookies or customHeaders for authenticated sites, which would require embedding session tokens/authorization headers (secrets) verbatim in settings/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly starts crawls of arbitrary public websites (e.g., the start_crawl({ url: "https://example.com" }) examples) and later retrieves and summarizes downloaded site content (get_site_tree, "Report Results"), meaning it ingests untrusted third-party web content as part of its workflow.