broken-authentication

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs capturing and embedding credentials, session tokens, JWTs, and reset tokens into requests and scripts (e.g., Authorization headers, Cookie values, reset links, brute-force payloads), which requires handling and outputting secret values verbatim and thus presents high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content contains multiple explicit, actionable instructions for account takeover and detection evasion (credential stuffing, brute‑force workflows, IP/header rotation and spoofing, JWT/token manipulation, host‑header reset abuse), presenting a high abuse risk despite being framed as authorized testing guidance; there is no hidden backdoor, remote‑exec payload, or direct data‑exfiltration code present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and analyze responses from an external target application (e.g., GET/POST to https://target.com/login, capturing Set-Cookie/session tokens, and following password-reset links), which are arbitrary third‑party web pages whose content the agent must read and act upon as part of the workflow.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 27, 2026, 11:04 AM