e-tax

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read sensitive profile data (氏名・住所・マイナンバー, i.e. name, address and My Number) from config and to populate web form fields via browser automation, which requires including those secret/personal values verbatim in tool/command inputs (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to open and interact with the public National Tax Agency website (https://www.keisan.nta.go.jp/) — including reading page content, detecting native dialogs (e.g., KS-E10089, KS-E40003), and making navigation/decision choices based on that content — which is untrusted third‑party web content that can materially influence tool use and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs use of an "etax-stealth.js" init script and navigator/getClientOS patching to spoof OS and bypass the service's environment checks (i.e. bypassing anti-automation / OS-detection protections), which is a security-bypassing behavior even though it doesn't request sudo, modify system files, or create users.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 4, 2026, 01:41 AM