pentest-exploit-validation
Fail
Audited by Snyk on Feb 18, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The workflow mandates collecting and presenting HTTP requests/responses, extracted data, session hijacks and token-based account takeovers as evidence—actions that inherently require handling and often outputting secret values (cookies, tokens, passwords) verbatim, so this poses a high exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains explicit, actionable instructions and tooling for data exfiltration, credential/session theft, cloud metadata access (SSRF), privilege escalation and escalation to RCE — multiple high-risk offensive techniques that can be used for unauthorized compromise.