csrf-cross-site-request-forgery
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The playbook explicitly instructs capturing CSRF tokens/cookies and then including them verbatim in requests (e.g., reading a token from the DOM and appending it to xhr.send), which directs the agent to handle/exfiltrate secret values insecurely.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is an offensive CSRF exploitation playbook containing explicit, ready-to-use attack techniques and PoC templates (form/img/XHR/fetch), OAuth state hijack guidance, XSS-assisted token theft, cookie-tossing/double-submit bypasses, CORS/JSON downgrade tricks, client-side path traversal, and an explicit multipart upload example that names "shell.php" (enabling remote code upload/execution). These are clear, deliberate malicious/abusive patterns that can be used to perform account takeover, credential/token exfiltration, privilege escalation, and remote code execution.
Issues (2)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
Audit Metadata