webapp-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that instruct the agent to type plaintext credentials (e.g., "password123" in the login form) into browser_action calls, which requires the LLM to emit secret values verbatim in its actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md's "侦察后行动模式" explicitly instructs the agent to browser_action(action="navigate", url="目标URL") and then run browser_action(action="get_content") / get_elements to extract selectors and decide follow-up clicks, meaning it fetches and interprets arbitrary third‑party web pages (public/untrusted content) as part of its workflow.