exploiting-websocket-vulnerabilities
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes numerous examples that embed session tokens/cookies directly into commands and scripts (e.g., curl/wscat headers and Python extra_headers), which requires producing secret values verbatim and thus poses an exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is a dual-use WebSocket security testing guide but includes explicit, deliberate malicious patterns—most notably an HTML PoC that exfiltrates WebSocket responses to an attacker-controlled server and instructions/examples for session replay and command-injection payloads that enable data theft or remote code execution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill (scripts/agent.py and the SKILL.md workflow) actively fetches and connects to arbitrary external targets (e.g., discover_ws_endpoints using requests to base_url+paths, test_origin_validation using requests, and test_message_injection/websockets.connect to a supplied wss:// URL) and then reads and interprets those untrusted, user/third-party responses to drive findings and next actions, so third-party content can influence the agent's decisions.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata