security-burpsuite-project-parser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to decode and print raw request/response bodies and "report findings with request/response evidence," which will cause any embedded secrets (Authorization headers, cookies, API keys, tokens, passwords) to be output verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly ingests and parses Burp XML exports containing HTTP history and request/response bodies (see "Export Burp project data as XML (HTTP history or scan results)" in SKILL.md), which are arbitrary, untrusted third-party web responses that the agent reads and uses to derive findings and drive analysis.