performing-api-rate-limiting-bypass

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains code that embeds Authorization Bearer tokens and plaintext passwords into request headers/bodies and even prints successful credentials (e.g., f"Bearer {token}" and "[SUCCESS] Logged in with: ... / {password}"), which requires including secret values verbatim in outputs and logs, so it poses a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, ready-to-run techniques and scripts to bypass API rate limits (IP/header spoofing, path/method variations, parameter pollution, distributed request generation) and to facilitate credential stuffing/brute-force attacks, which — despite “authorized use” disclaimers — directly enable malicious account compromise and API abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and issues HTTP requests to arbitrary external endpoints (see SKILL.md BASE_URL usage and scripts/agent.py: detect_rate_limit_headers, test_header_bypass, test_path_bypass which call requests.get/requests.request on args.url), inspects response headers/statuses, and uses those responses to decide and drive further tests — so untrusted public third-party content can materially influence the agent's actions.