xpath-injection-testing

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). Yes — the skill explicitly instructs extracting and printing/storing plaintext passwords and building PoCs that include retrieved password values (e.g., substring queries and printing results), which would require the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

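  • Malicious code pattern detected (high risk: 1.00). The content provides detailed exploitation examples usable for authentication bypass, character-by-character username/password enumeration, blind injection, and time-based data exfiltration, directly supporting attacks such as credential theft and sensitive data exfiltration (although labeled for authorized testing, it remains a high-risk exploitation manual that can be abused).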

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:38 AM