scrapling

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt documents CLI flags that accept sensitive values (cookies, proxy URLs with username:password, headers) and shows examples embedding them directly, which encourages placing secrets verbatim into generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching arbitrary public websites (e.g., "scrapling extract get 'https://example.com' ..." and browser commands like fetch/stealthy-fetch and the interactive shell example get('https://news.ycombinator.com')), so the agent ingests untrusted third‑party web content that could contain instructions and influence subsequent actions.