test-ui

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the user to copy/paste cookies, JWT/Bearer tokens, or session/storage values and provides examples that inject those secrets directly into CLI arguments (e.g., --token "Bearer ...", --cookies '[{"value":"..."}]'), forcing the agent to include secret values verbatim in commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to "Browse $URL" and "discover all pages, components, and endpoints" of the target site (and to run navigation/screenshot tools like node navigate.js), meaning the agent will fetch and interpret arbitrary public/untrusted web content as part of its testing/decision workflow.