testing-websocket-api-security
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt embeds Authorization tokens directly in code and CLI examples (AUTH_TOKEN, expired_token, and wscat -H "Authorization: Bearer ..."). This encourages placing secrets verbatim into generated commands and code, and therefore requires the agent to handle and output secret values directly rather than referencing them indirectly (for example through an environment variable).
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). High-risk dual-use content: while framed as a security-testing toolkit, the package contains explicit exploit code (a CSWSH PoC that exfiltrates messages to https://attacker.com), ready-to-use injection payloads (command/SSRF/RCE patterns), and automated attack routines (flooding, connection exhaustion, channel subscription) that can be directly abused for data exfiltration, remote code execution, and DoS.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow and code (SKILL.md steps and scripts/agent.py — e.g., analyze_handshake(), test_ws_injection(), test_injection()) explicitly connect to arbitrary WebSocket endpoints (WS_URL), receive and parse messages from those remote servers/users, and use those responses to determine vulnerabilities, so untrusted third-party content can directly influence the agent's decisions.
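The W007 finding above objects to Authorization tokens written verbatim into the commands and code the skill generates. The following is an added example, not code from the audited skill or from Snyk, of the pattern a skill should use instead: read the token from the environment at run time, emit generated commands that reference the variable rather than its value, and mask any Bearer credential before text is echoed or logged. The environment variable name WS_AUTH_TOKEN, the `load_token`/`redact_bearer`/`build_wscat_command` helper names and the sample URL are assumptions for illustration; the `wscat -c <url> -H <header>` flags are the real ones for that tool.

```python
import os
import re
import shlex

# Matches a Bearer credential wherever it appears (an Authorization header, a
# wscat -H argument, or a log line) so the token part can be masked before output.
_BEARER_RE = re.compile(r"(?i)(bearer\s+)([A-Za-z0-9._~+/=-]+)")


def redact_bearer(text: str, keep: int = 4) -> str:
    """Mask the token part of any Bearer credential in `text`.

    The first `keep` characters are preserved so a practitioner can still tell
    which token was used without the full secret ending up in a transcript.
    """
    def _mask(m: re.Match) -> str:
        tok = m.group(2)
        shown = tok[:keep] if len(tok) > keep else ""
        return f"{m.group(1)}{shown}{'*' * 8}"
    return _BEARER_RE.sub(_mask, text)


def load_token(env_var: str = "WS_AUTH_TOKEN", environ=None) -> str:
    """Read the credential from the environment instead of embedding it.

    `environ` is an optional mapping for testing (assumed helper parameter);
    by default the real process environment is used. A missing secret fails
    loudly rather than silently sending an unauthenticated request.
    """
    env = os.environ if environ is None else environ
    tok = env.get(env_var, "").strip()
    if not tok:
        raise RuntimeError(f"{env_var} is not set; refusing to run without a credential")
    return tok


def build_wscat_command(ws_url: str, env_var: str = "WS_AUTH_TOKEN") -> str:
    """Return a wscat invocation that references the token via a shell variable.

    The emitted command line never contains the secret itself; the shell
    expands $WS_AUTH_TOKEN when the command is run. shlex.quote protects
    against a URL containing shell metacharacters.
    """
    return f'wscat -c {shlex.quote(ws_url)} -H "Authorization: Bearer ${env_var}"'


def auth_headers(env_var: str = "WS_AUTH_TOKEN", environ=None) -> dict:
    """Headers for an in-process WebSocket client; the token lives only in memory."""
    return {"Authorization": f"Bearer {load_token(env_var, environ)}"}


if __name__ == "__main__":
    # Constructed sample: a transcript line of the kind the finding objects to.
    leaked = 'wscat -c wss://example.test/ws -H "Authorization: Bearer abcdef123456"'
    print(redact_bearer(leaked))
    print(build_wscat_command("wss://example.test/ws"))
```

The generated command is what a skill should place in its instructions; the literal token should appear only in the operator's environment, and anything the agent echoes back should pass through `redact_bearer` first.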