scoutqa-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that instructs embedding plaintext credentials (username/password) directly into CLI commands sent by the agent, which requires the LLM to output secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Running Tests" workflow instructs the agent to run scoutqa against arbitrary public --url values (e.g., the many example commands like scoutqa --url "https://example.com") so ScoutQA will crawl/fetch external public websites and return results the agent must extract and act on, exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the scoutqa CLI which at runtime communicates with ScoutQA's remote service (e.g., https://scoutqa.ai/t/019b831d-xxx) to execute tests remotely based on the supplied prompts, meaning the external service/URL runs code and controls execution of the testing agent.