test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs creating temporary email accounts, retrieving JWT tokens and verification/reset links via API/curl and then embedding those tokens/links verbatim into subsequent commands and MCP navigation calls, which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses messages from public temporary-email services (Mail.tm API) and navigates/scrapes Mailinator/Guerrilla Mail inbox webpages to extract verification links and email HTML/text, meaning it ingests untrusted, user-generated third-party content as part of its testing workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime requests to the Mail.tm API (https://api.mail.tm, e.g. /domains, /accounts, /token, /messages) and also navigates to Mailinator/Guerrilla Mail pages (e.g. https://www.mailinator.com/v4/public/inboxes.jsp?to=..., https://www.guerrillamail.com/) to fetch email contents and extract verification/reset links which are then used to drive the agent's next actions, so these external URLs directly control the agent's prompts/workflow.