bypassing-authentication-with-forced-browsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed session tokens directly in curl commands (e.g., -b "session=valid_session_token_here") and requires using valid test credentials for authenticated comparisons, which would force an agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md and scripts/agent.py) actively fetches and parses content from arbitrary target URLs (requests.get against --target, wordlist-driven enumeration and checks like .env and .git/HEAD), and it uses those responses to drive follow-up tests and decisions (e.g., triggering method-bypass checks), so untrusted third-party web content could indirectly influence agent behavior.