broken-authentication

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs capturing and embedding credentials, session tokens, JWTs, and reset tokens into requests and scripts (e.g., Authorization headers, Cookie values, reset links, brute-force payloads), which requires handling and outputting secret values verbatim and thus presents high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill contains extensive, actionable instructions for credential theft and account takeover (brute force, credential stuffing, session fixation, JWT manipulation, OTP brute-force and password-reset abuse) plus explicit detection-evasion techniques (IP rotation, forged X-Forwarded-For headers, rate-limit bypass, use of breached credential lists and host-header reset injection) that meaningfully enable malicious abuse if used without proper authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and analyze responses from an external target application (e.g., GET/POST to https://target.com/login, capturing Set-Cookie/session tokens, and following password-reset links), which are arbitrary third‑party web pages whose content the agent must read and act upon as part of the workflow.

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 20, 2026, 01:12 PM
Issues: 3