private-api-reversal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs extracting session cookies, bearer tokens, and API keys from browser storage and building cURL/HTTP requests (e.g., constructing "Cookie" and "Authorization" headers or copying "Copy as cURL"), which requires including secret values verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to fetch and scrape arbitrary web app pages and DevTools/Playwright-captured content (e.g., "fetch the app homepage with your cookies, then regex for tokens" in Phase 2 and instructions to load storageState/auth.json and scrape page HTML), which ingests untrusted third‑party web content that the workflow uses to build requests and drive client behavior.