Cross-Site Scripting and HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable instructions and payloads for data exfiltration, credential theft, session hijacking, CSP bypass, and other attack techniques that can be directly used for malicious exploitation if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires interacting with arbitrary target web application URLs and inspecting user-generated content such as comment sections, profiles, and reflected responses (see "Required Access: Target web application URL" and "Identify Input Reflection Points"/"Stored XSS Indicators"), so the agent would fetch and interpret untrusted third‑party content as part of its workflow.