user-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires supplying and using test account credentials for automated login flows via browser actions, which implies the agent will need to insert usernames/passwords verbatim into action requests or logs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow requires opening and interacting with arbitrary application URLs (see "Required inputs: Application URL" and the browser action "browser action=open targetUrl=..."), ingesting DOM snapshots, screenshots, and console logs from public websites (e.g., https://app.psalmix.com), which exposes the agent to untrusted third‑party content that could carry indirect prompt injection.