cli-web-scrape

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs passing secrets inline (e.g., -H "Authorization: Bearer TOKEN", --cookies "session=abc123", --proxy "http://user:pass@host:port"), which requires the agent to embed secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches arbitrary public web pages (e.g., via scrapling extract get|fetch|stealthy-fetch "URL" in SKILL.md), writes output to /tmp/scrapling-*.md and requires the agent to read and validate that scraped third‑party content as part of the Auto-Escalation Protocol, so untrusted user-generated/open-web content can influence tool selection and next actions.