authenticating

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and records secrets (OTP codes, session tokens, captcha tokens) and includes code that logs into IMAP with email/password, which requires the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). High risk: this content is a dual-use, weaponizable authentication-testing toolkit that includes detailed 2FA/CAPTCHA bypass techniques, bot-detection evasion, OTP/email extraction code, proxy/IP rotation and fingerprinting guidance that could be used to steal credentials or gain unauthorized access if not restricted to authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill directly navigates to and scrapes arbitrary target web pages using Playwright (e.g., playwright_navigate to "https://target.com/login", playwright_network_requests, playwright_console_messages, screenshots) and also ingests email content via IMAP for OTP extraction, so it explicitly consumes untrusted third‑party web and email content as part of its workflow.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:03 PM