candid-chrome-qa

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to capture and write network request URLs (and to run a fallback JS to recover full URLs when entries are redacted), which can include cookies, bearer tokens, or query-string secrets and therefore forces the LLM to handle/output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill navigates to and reads a user-supplied app URL (see "Navigate" and the CLI --url option) and then runs read_page / read_network_requests / javascript_tool against that page as part of the required per-target workflow, so arbitrary public or user-generated web content could be ingested and materially influence the agent's actions.