ethical-hacking-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed credentials directly on the command line (e.g., omp -u admin -w password), which requires the agent to handle and output secret values verbatim and is therefore insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 2: Reconnaissance explicitly instructs using OSINT sources and tools (Google dorks/site: queries, theHarvester, and social media such as LinkedIn, Twitter, Facebook) to fetch and analyze public, user-generated web content, which the agent is expected to read and act on as part of its workflow, allowing untrusted third-party content to influence decisions.