hunt-oauth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs capturing and using sensitive OAuth artifacts (authorization codes, access_tokens, client_secret, passwords) and embeds them into example curl commands and PoCs, which would require the model to handle or output secret values verbatim and thus poses a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document provides explicit, actionable exploitation techniques (payloads, curl/adb PoCs, deep-link and redirect_uri bypasses) for stealing OAuth tokens and achieving account takeover, constituting high-risk malicious guidance for credential theft and data exfiltration.