testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains hardcoded plaintext passwords in test examples and client requests (e.g., "SecurePass123!") which require the LLM to reproduce secret values verbatim in code and test requests, an insecure pattern that risks credential exposure.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The k6 performance script imports and executes a remote JavaScript module at runtime (https://jslib.k6.io/k6-summary/0.0.1/index.js), which is a runtime fetch that would execute remote code and thus is a risky external dependency.