performing-web-application-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs collecting and documenting HTTP request/response pairs, session tokens, and Authorization headers (e.g., Bearer tokens) which would require the agent to include secret values verbatim in its output, posing exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime code and workflow explicitly fetch and ingest arbitrary public web content (e.g., scripts/agent.py uses requests.get against target_url and run_directory_bruteforce/ffuf, and SKILL.md instructs spidering/browsing the target application), which is untrusted user-controlled content that the agent parses and uses to make testing decisions (XSS/SQLi detection, CORS/method decisions), enabling indirect prompt-injection risk.