web-scraping

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs capturing and documenting headers, cookies, authentication tokens, and session/HAR exports and to validate/use session tokens in API calls, which requires the LLM to output secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and acts on arbitrary public website content — SKILL.md Phase 1 ("INTERACTIVE RECONNAISSANCE") and the proxy-tool docs (e.g., proxy_start(), interceptor_chrome_devtools_navigate(), proxy_list_traffic(), RobotsFile.find, gotScraping) direct the agent to fetch/scrape sitemaps, APIs and page traffic from third‑party sites and then use those findings to choose strategies and drive subsequent actions.