har-debugger

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill asks the agent to extract and report response headers and response bodies and to list relevant requests as evidence without any redaction guidance, so it could easily require printing sensitive values (cookies, tokens, API keys) verbatim from a HAR.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly parses user-provided HAR files (via the har_file path or raw HAR JSON) and extracts request URLs and response bodies (e.g., response.content.text in log.entries), so it ingests arbitrary third-party web content captured in the HAR that could contain injected instructions.