Cross-Site Scripting and HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Although presented as a testing guide, the content contains explicit, actionable exploit code and techniques for data exfiltration (cookie/session theft, keylogging, fetch/image beacons to attacker domains), credential theft (phishing form injection), CSP/WAF bypasses, and obfuscation/remote-eval patterns that are clearly usable for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires interacting with arbitrary target web application URLs and reading user-generated content (e.g., comment sections, user profiles, search results, and page responses) to detect and exploit XSS, meaning untrusted third-party pages could supply instructions or payloads that materially influence the agent's testing and follow-up actions.