puppeteer

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains examples that hard-code or inject secret-like values (e.g., Authorization: "Bearer token", page.authenticate with username/password, cookies/localStorage values, page.type("#password","mypass")), which require the agent to include secrets verbatim in headers/requests or code—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows runtime workflows that navigate to arbitrary public URLs (e.g., page.goto("https://example.com"), scrapeAllPages(url), scrapeUrls(urls)), evaluate page content (document.body.innerText, page.evaluate, response.json), and extract/act on that untrusted third-party content, so the agent would fetch and interpret user-generated/open web pages that could inject instructions.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 11:10 AM
Issues
2