mobile-browser-workflow-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for usernames/passwords, displays them from /workflows/mobile-config.json, and instructs writing config files and generating test fixtures that embed those credentials, which requires the LLM to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly loads and navigates to the user-provided App URL (Phase 0 configuration and Phase 1 "Exploration" step: "Navigate to config URL in mobile viewport"), meaning it fetches and interprets arbitrary public websites as part of generating and executing workflows/tests, which could allow untrusted third-party content to influence actions.