screengrabs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes insecure patterns that can require embedding secrets verbatim (e.g., a --auth-cookie CLI option and example pre-scripts that could contain plaintext credentials) which would cause the LLM to output secret values directly if populated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and capture script explicitly navigate to arbitrary base URLs / preview deployments and routes using Playwright (see SKILL.md Steps 2–4 and scripts/capture.ts --base-url/--routes), read the page DOM and screenshots, and use those observations to craft pre-scripts and decide capture actions—so untrusted public web content can be ingested and influence subsequent tool use.