ffuf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). This prompt contains an explicit example of embedding an Authorization: Bearer token directly in a command/header, which encourages including secret values verbatim in generated commands or code and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running ffuf against arbitrary public websites (e.g., "ffuf -u https://target.com/FUZZ" in the Directory Discovery and Subdomain Discovery sections) and pulling wordlists from SecLists on GitHub, so the agent will fetch and interpret responses from untrusted third-party sites which can drive recursive/follow-up scanning decisions.