testing-api-for-mass-assignment-vulnerability
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly constructs HTTP requests with an Authorization header ("Bearer <user_token>") and embeds plaintext passwords/credential-like values in request bodies, meaning an agent would be expected to include secret values verbatim in generated requests or code (exfiltration risk).
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is a dual-use penetration testing tool but includes explicit exploit payloads for privilege escalation, financial manipulation, database override (MongoDB $set/_id), and a Spring4Shell "class.module.classLoader" RCE pattern that could be deliberately abused for privilege escalation, monetary fraud, and remote code execution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and scripts/agent.py) issues HTTP requests to an arbitrary BASE_URL (e.g., f"{BASE_URL}/users/me", registration and order endpoints), parses resp.json responses, and uses those untrusted API responses to drive verification and follow-up actions (role elevation checks, admin endpoint access, further tests), so third-party content can materially influence the agent's behavior.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata