performing-web-application-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs capturing and reproducing session tokens, Authorization headers, and other credentials in HTTP request/response evidence (including embedding tokens in example requests), which requires the LLM to handle and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). scripts/agent.py (e.g., fingerprint_technology, check_security_headers, test_xss_basic, test_sql_injection_basic, test_cors_config and run_directory_bruteforce) and the SKILL.md reconnaissance steps explicitly fetch and parse responses from arbitrary target URLs and public web resources (HTTP requests, spidering, JS review, ffuf directory fuzzing), meaning untrusted third‑party content is ingested and directly influences findings and actions.