design-system

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for credentials or a session cookie for sites behind authentication, which requires the LLM to accept and potentially include sensitive secret values (cookies/passwords) in its handling or outputs—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 1 requires navigating to a user-supplied target URL with agent-browser and Steps 2–11 execute in-page evaluations (getComputedStyle, reading document.styleSheets, scraping content, visiting inner pages, and taking screenshots), so it ingests and acts on arbitrary public website content which could contain untrusted instructions that influence subsequent tool behavior.