gobuster

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass secrets on the command line (e.g., -c "PHPSESSID=abc123"), which requires or encourages embedding secret values verbatim in generated commands and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md instructs running gobuster against arbitrary web hosts and domains (e.g., "gobuster dir" / "gobuster dns" commands) and references pulling public wordlists from GitHub (SecLists), so the agent will fetch and parse untrusted public web/DNS responses and repository content as part of its workflow, which could contain user-generated instructions that materially influence subsequent actions.