hackthebox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). Step 1 explicitly directs the agent to fetch multiple secrets (HTB_USER, HTB_PASS, HTB_TOKEN, ANTHROPIC_API_KEY, SLACK_BOT_TOKEN, etc.) and later steps imply using them for logins/API/Slack, which creates a high risk the LLM will handle or output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to log into and autonomously interact with the public HackTheBox site (see SKILL.md step 4 and platform-navigation.md), read challenge/machine pages, download challenge files/.ovpn, and act (start/stop machines, decide attacks, submit flags), which are untrusted, user-generated third-party contents that can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Playwright MCP configuration runs "npx @playwright/mcp@latest" (which fetches and executes code from the npm registry at runtime), meaning remote code is downloaded and executed as part of the agent runtime and is relied on for Playwright MCP operation.