performing-csrf-attack-simulation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and workflow explicitly show embedding session cookies and CSRF token values into curl commands and PoC payloads (e.g., -b "session=abc123", previously_captured_token), which would require the agent to accept and reproduce secret/session token values verbatim—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and parses arbitrary target web pages provided at runtime (e.g., scripts/agent.py: analyze_csrf_protections and find_state_changing_forms call requests.get and inspect resp.text/Set-Cookie), and the SKILL.md workflow requires browsing/ingesting target application pages and using those results to decide vulnerabilities and generate PoCs, so untrusted third-party content can materially influence agent actions.