security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt asks the agent to request and use test credentials (and shows automated test steps that fill username/password values), which requires the LLM to include those secret values verbatim in generated test actions/scripts/reports — enabling secret exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill explicitly instructs the agent to open and interact with an arbitrary "Target URL" (Phase 2) and to run a browser session that inspects/loads page DOM, response headers, external scripts and other third‑party resources (Phase 3 "Open a browser session", "Third-party scripts inventory"), meaning untrusted public content is ingested and used to drive tests and decisions.