opencli-oneshot
Fail
Audited by Snyk on Apr 2, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs capturing cookies/CSRF tokens and embedding Authorization Bearer headers (including a hard-coded bearer example) into generated fetch/adapters, which requires handling and potentially outputting secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs the agent to navigate to arbitrary target URLs, capture and evaluate JSON API responses (Step 1: "browser_navigate" + "browser_network_requests") and to run page.evaluate/fetch or install interceptors (Step 3/TS examples) so the agent ingests and acts on untrusted third‑party web/API content, which can influence subsequent tool use and behavior.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).