workers-app-tester

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs preserving and logging full auth headers (PRESERVE_AUTH=1), extracting hardcoded secrets during static analysis, and documenting evidence, which requires the agent to read and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly captures live app network traffic via mitmproxy (SKILL.md "Start traffic interception" using scripts/capture.py) and then requires the agent to run scripts/traffic.py and scripts/analyze.py which read and interpret response bodies/headers from traffic.jsonl to generate test suggestions and drive the next actions, so untrusted third‑party responses can materially influence agent behavior.