competition-browser-persistence

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该技能要求检查并记录浏览器中的认证令牌、刷新凭证、cookie 等持久化状态并“重放”会话行为，明确指示保留 auth tokens/refresh material 和精确的请求/存储项，因而会促使模型读取并输出秘密值的字面内容。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to inspect and read browser-held third-party artifacts — e.g., cached responses, service worker scripts, Cache Storage entries, and storage items tied to arbitrary origins/routes — which are untrusted web content the agent must interpret and can change replayed actions and decisions.