deep-debug

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt directs agents to collect and paste raw network/console evidence (e.g., requests, headers, cookies) into subagent prompts with no redaction guidance, which can expose API keys, Bearer tokens, or cookies verbatim — a direct secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes arbitrary browser/page content (e.g., via mcp__claude-in-chrome__read_network_requests, mcp__claude-in-chrome__read_console_messages, mcp__claude-in-chrome__read_page and javascript_tool) which can expose the agent to untrusted public third‑party or user-generated content that could carry indirect prompt injection.