live-debug

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to read sensitive client-side data (e.g., window.localStorage.getItem('auth_token')) and monitor network requests/console without any redaction guidance, which can expose session tokens or API keys to the LLM and lead to verbatim output/exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and ingests content from the live production site https://home.st44.no (see navigate, read_page, get_page_text, javascript_tool, read_network_requests, etc.), so untrusted page content or user-generated data there could be read and influence subsequent agent actions.