web-pentest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt repeatedly instructs the agent to use provided test credentials, capture and replay session tokens/cookies, and produce proof-of-concept curl/Burp requests (e.g., replaying cookies, Authorization headers, or tokens), which would require embedding secret values verbatim in outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and analyze public/untrusted web content from the target (e.g., "curl -I", robots.txt, sitemap.xml, JS bundle review via view-source, and other HTTP endpoints in Phase 1–7), and those fetched pages/artifacts are read and used to drive subsequent testing decisions and actions.