web-scraping

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly directs the agent to monitor network traffic and "document headers, cookies, authentication tokens" and produce intelligence reports, which can require including secret token or cookie values verbatim in outputs and therefore poses a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly opens and interacts with arbitrary public websites (Phase 1: "Open site in real browser" via Playwright MCP and DevTools in SKILL.md) and automatically fetches public third-party resources (Phase 2: curl/robots.txt and sitemap.xml checks plus examples that accept user-provided URLs), so the agent will ingest untrusted web content that could carry indirect prompt injections.