Cross-Site Scripting and HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable instructions and payloads for data exfiltration, credential theft, session hijacking, CSP bypass, and other attack techniques that can be directly used for malicious exploitation if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly requires and instructs the agent/tester to fetch and analyze content from a target web application and untrusted user-generated locations such as comment sections, forums, search/query parameters, and arbitrary URLs (see "Target web application URL", "comment sections and forums", and example crafted URLs), so it clearly ingests open/public third-party content that could carry indirect prompt injections.