reverse-engineer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs users to paste captured cURL requests and explicitly to extract auth tokens/cookie session IDs (Bearer token from pplx.session-id) and to map/auth extraction methods, which requires the LLM to read and could output secret values verbatim — a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content instructs intercepting browser traffic, extracting auth tokens/cookies, and includes explicit anti-detection/evasion guidance (UA/TLS impersonation and referer/origin spoofing), which enables credential theft and unauthorized access — high potential for misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to capture and ingest network traffic and copied cURL requests from the public website perplexity.ai (browser DevTools XHR/Fetch), meaning it will read and interpret untrusted third-party content from that site.