testing-apis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill contains many examples that embed API keys, bearer tokens, JWTs, and plaintext passwords directly into curl commands (and shows capturing and reusing tokens), which encourages the LLM to include secret values verbatim in generated requests or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse public third-party API docs and endpoints (e.g., "curl https://target.com/swagger.json", "curl https://api.target.com/graphql", and browsing /docs or /swagger-ui/) and to interpret those responses to discover endpoints and drive further testing, which exposes the agent to untrusted user-controlled web content that could contain malicious instructions.