pentest-report

Fail

Audited by Snyk on Mar 30, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The template explicitly requires embedding HTTP request examples and a "泄露凭证列表" (leaked credentials list) and even shows a plaintext credential example, which would force the LLM to include secret values verbatim in reports.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). Contains explicit, actionable exploitation artifacts (SQLi PoCs, sqlmap automation) and an XSS data-exfiltration example that sends cookies to an attacker-controlled domain — patterns that can be directly abused to steal data despite being presented as authorized testing guidance.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 30, 2026, 07:51 AM
Issues: 2