security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly asks for test credentials and shows embedding credential values into automated test steps and saved YAML/report artifacts, which requires the agent to accept and output secret values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly asks for a user-provided "Target URL" and instructs the agent to open a browser session to inspect response headers, enumerate and execute/inspect external scripts and CDN resources, and test redirects to external URLs (Phase 2/Phase 3), which means the agent will fetch and interpret untrusted third-party web content that could contain indirect prompt-injection vectors.