qa-exploring-application-ui

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's example invocation includes credentials passed directly on the command line (--credentials user:pass), which requires embedding secrets verbatim in commands and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's exploration workflow (SKILL.md) and scripts/explore.py explicitly navigate to the provided target URL (await page.goto(url,...)), extract page text (page.text_content("body")), discover and follow links found on the site (links = await page.evaluate(... anchors ...)), and instruct the AI to analyze screenshots and page content to decide next actions—clearly ingesting untrusted third‑party web content that can influence tool behavior.