uat-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to request/paste .env variables and test account credentials (email/password/2FA) and to use them to authenticate and run Playwright actions, which requires the LLM to include secret values verbatim in tool commands or generated actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly reads external specs/PRs (Phase 1: "read spec/requirements" and "gh pr view"), accepts and verifies arbitrary application URLs (Phase 2: ask for Application URL + curl), and then autonomously navigates and inspects those live web pages using Playwright tools (references/agent-guide.md: browser_navigate, browser_snapshot, browser_evaluate), so it clearly ingests untrusted, user-generated third‑party web content that can influence test generation and automated actions.