burp-suite

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed bearer tokens and plaintext passwords directly into HTTP requests (e.g., Authorization: Bearer and credential-stuffing examples), which requires the agent to handle and potentially output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs setting Burp as a proxy and "Browse the target application normally → Burp captures every request in HTTP History" and to use the captured HTTP responses (and the Scanner's crawled pages) to drive Repeater/Intruder/Scanner actions (e.g., "If 200 OK → IDOR"), meaning it ingests untrusted third‑party web content that can materially influence subsequent tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs installing and importing a Burp CA into the browser/OS trust store to intercept HTTPS traffic, which modifies the machine's trust/security settings and effectively bypasses security protections.