exploiting-idor-vulnerabilities

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs copying session cookies/Authorization headers and embedding bearer tokens (e.g., TOKEN_A="Bearer eyJ...") into curl commands and Burp Authorize configuration, which requires handling and outputting secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and scripts (SKILL.md and scripts/agent.py) explicitly fetch and ingest content from arbitrary target URLs (e.g., curl requests to https://target.example.com, ffuf enumeration, and the --url parameter used by IDORTester) and then interpret those responses to decide vulnerabilities and drive follow-up actions (requests, writes, enumeration), exposing the agent to untrusted third-party/user-provided web content that could indirectly inject instructions.