test-ui

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste cookies, JWT/Bearer tokens, or session values and shows/uses command examples that embed those secrets verbatim (e.g., --token "Bearer ...", --cookies '[{"value":"..."}]'), so the LLM would need to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to "Browse $URL" and "discover all pages, components, and endpoints" of the target site (and to run navigation/screenshot tools like node navigate.js), meaning the agent will fetch and interpret arbitrary public/untrusted web content as part of its testing/decision workflow.