authenticating

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly automates extraction and storage of credentials, OTPs and session tokens (e.g., otp_codes.txt, session_tokens.json, CredentialManager.get_credential), which requires the agent to read and emit secret values into artifacts, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content explicitly documents and supplies ready-to-run offensive techniques (2FA/CAPTCHA bypass via response interception, direct endpoint skipping, OTP extraction and reuse, automated OTP brute‑force with proxy rotation, browser-stealth/fingerprint randomization and WebDriver hiding, token reuse and token capture, credential storage including 2FA secrets) that are dual‑use but clearly enable credential theft and unauthorized access; I found no obfuscated backdoor, remote code execution, or hidden exfiltration endpoints, but the described capabilities present a high abuse risk if used outside an authorized test scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and examples (SKILL.md, README.md, and reference/2FA_BYPASS.md) show Playwright navigating arbitrary target URLs and reading page/network responses plus extracting OTPs from IMAP and public disposable-email APIs (e.g., guerrillamail), meaning it ingests untrusted third‑party web/email content that the agent is expected to interpret and use to drive actions.