Broken Authentication Testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill repeatedly instructs constructing requests, commands, and code that include plaintext credentials, session cookies, tokens, and reset tokens (e.g., username/password in POST bodies, Cookie: SESSIONID=..., Authorization: Bearer ...), which requires the agent to handle or emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content explicitly instructs how to perform credential theft (brute force and credential stuffing), evade detection (IP rotation, forged headers, user‑agent randomization), and abuse flows such as host-header injection to redirect password reset emails and MFA/OTP bypass techniques, which are high-risk malicious behaviors despite being framed as authorized testing guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md core workflow explicitly instructs the agent to fetch and analyze responses from arbitrary target websites (e.g., requests to https://target.com/login and session cookie collection in Phase 1/6, username-enumeration API responses in Phase 3) and to ingest public breached datasets (e.g., "Have I Been Pwned") — untrusted third‑party content that the agent must interpret to decide subsequent test actions.