privacy-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to inspect and record cookies, network payloads, console logs and other runtime evidence and to include "findings with evidence" in reports, which may require capturing and outputting PII or sensitive tokens (cookies/session values) verbatim — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 browser-validation explicitly instructs the agent to open the target URL and enumerate/inspect external script sources, network requests, and payloads (see "Browser validation" and TRACK checks such as "enumerate all sources" and "inspect payloads to analytics endpoints"), so it will fetch and interpret untrusted third‑party web content that can materially influence its findings and actions.