e2e-tester

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes multiple hard-coded plaintext credentials (e.g., "password123", "secure123") in both exploration commands and committed test templates, which encourages the agent to emit secrets verbatim (even though a secure env-var pattern is shown for one case).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to open and interact with arbitrary app URLs via agent-browser (e.g., agent-browser open <url> and agent-browser snapshot -i), which causes the agent to fetch and read DOM/content from external/untrusted web pages as part of its workflow, enabling indirect prompt injection.