network-inspection

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs inspecting and reporting request headers and bodies (including Authorization and Cookie values) and templates show including "relevant headers," which would require the LLM to read and potentially output secret tokens verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly uses Chrome DevTools MCP tools (Tool: mcp__chrome-devtools__list_network_requests and mcp__chrome-devtools__get_network_request) to fetch and inspect network responses and response bodies from arbitrary URLs observed in the browser, which are untrusted third-party content that the agent is expected to read and use to drive analysis and remediation.