test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs creating temporary email accounts, retrieving JWT tokens and verification/reset links via API/curl and then embedding those tokens/links verbatim into subsequent commands and MCP navigation calls, which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Email-Based Authentication Testing" workflow explicitly fetches and parses messages from public temporary-email services (Mail.tm API and browser-based Mailinator/Guerrilla Mail) and instructs the agent to extract verification links and navigate to them, meaning untrusted third-party content is read and can directly influence navigation and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's interactive mode requires Playwright MCP which is auto-fetched and executed at runtime via the .mcp.json entry (npx @playwright/mcp@latest), meaning remote code is downloaded and run to provide mcp__playwright__... tools that directly enable/control agent actions.