crawl4ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an example that hard-codes login credentials into js_code (document.querySelector(...).value = 'user@example.com' / 'pass'), which instructs embedding secret values verbatim in generated code/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the crawler fetching arbitrary public webpages via AsyncWebCrawler.arun(url="...") and converting/LLM-extracting their content into result.markdown/result.extracted_content (e.g., LLMExtractionStrategy), which clearly ingests untrusted third-party web content that could contain instructions influencing downstream LLM/tool behavior.