testing-websocket-api-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes hardcoded Authorization header usage and CLI examples that embed bearer tokens (e.g., AUTH_TOKEN = "Bearer " and wscat -H "Authorization: Bearer token"), which encourages pasting real secrets verbatim into code/commands and thus risks exposing secrets through LLM outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes explicit exploit code and proof-of-concept exfiltration (a CSWSH PoC that POSTs stolen WebSocket messages to https://attacker.com/collect) plus crafted RCE/command-injection and sensitive-data (SSRF to metadata) payloads — patterns that clearly enable deliberate data exfiltration and remote compromise if abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and code (SKILL.md steps and scripts/agent.py — e.g., analyze_handshake(), test_ws_injection(), test_injection()) explicitly connect to arbitrary WebSocket endpoints (WS_URL), receive and parse messages from those remote servers/users, and use those responses to determine vulnerabilities, so untrusted third-party content can directly influence the agent's decisions.