inspect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's evaluation step explicitly returns element attributes, data-* values, textContent, and outerHTML verbatim, so any secrets present in the DOM would be extracted and emitted by the LLM, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads a page snapshot (via .claude/last-snapshot.json or mcp__chrome-devtools__take_snapshot) and matches user descriptions against the live DOM tree, which can be an arbitrary public or user-provided webpage, so untrusted third‑party content could influence element selection and subsequent edits.