ui-verification

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill can require reading auth credentials from a flow's metadata and injecting them verbatim into browser action calls (e.g., act/type_text) to perform logins, so the LLM may need to emit secret values in tool-call arguments.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). Flow verification reads and executes Gherkin steps from outsider-authored free text in runtime-loaded .feature files under .ui-verification/flows/, and those step strings are passed into Nova Act via act()/act_get() as prompts, creating an indirect prompt-injection path from the .feature content into the agent/LLM context.