mobile-workflow-generator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks for credentials or Playwright storageState files and shows examples that embed auth values (cookies, localStorage, explicit email/password) into commands/code and preconditions, which requires the LLM to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill requires the user to provide an app URL in Phase 4 and then uses Playwright to navigate, load, and capture screenshots from that (potentially public) site during the mandatory live walkthrough (Phases 4–5), meaning the agent will fetch and interpret arbitrary third-party web content as part of its workflow.