skipfish

Fail

Audited by Snyk on Mar 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's authenticated-scan examples explicitly show embedding session cookies and credentials directly in command-line arguments (e.g., -C "PHPSESSID=abc123", -A user:pass), which requires the agent to handle and output secret values verbatim and therefore poses exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running skipfish against arbitrary target URLs (e.g., "skipfish -o output_dir http://" and the wrapper "bash scripts/skipfish/quick-scan-web-app.sh "), which crawls and ingests open/public web content (user-generated/untrusted pages) as part of its scanning workflow and can influence subsequent analysis/actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 7, 2026, 12:16 PM