idor-testing

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill explicitly shows and instructs capturing and injecting session cookies/auth tokens into raw HTTP requests (e.g., "Cookie: session=...") and guides modifying authenticated requests, which requires including secret session values verbatim in crafted requests — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly requires fetching and analyzing responses from a target web application (e.g., Core Workflow Detection Techniques and Exploitation with Burp Suite — intercepting requests like GET /api/profile?id=... and using Burp Intruder to enumerate endpoints), which are untrusted third-party pages/responses that the agent must read and act on, so they could carry indirect prompt-injection instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 28, 2026, 02:47 PM