web-access

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs preserving and using full URLs that may contain session-related tokens/parameters and shows curl commands that would include those URLs, which forces the agent to handle and potentially output sensitive token values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and browses arbitrary public webpages and social media (SKILL.md "触发场景" and "浏览器 CDP" sections) and its CDP proxy exposes endpoints that /new, /navigate, and /eval pages (scripts/cdp-proxy.mjs) so the agent reads and acts on untrusted third‑party content which can materially influence subsequent tool actions.