js-reverse-automation

Fail

Audited by Snyk on Apr 19, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires capturing full network requests (URL, headers, body, cookies, tokens) and producing runnable artifacts (JSRPC, Flask proxy, curl examples) that reproduce those requests — and the prompt even shows explicit password examples — so it effectively requires embedding secrets verbatim in outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content includes backdoor-capable constructs — an unauthenticated WebSocket client (Hlclient) that executes remote-sent JavaScript via eval, JSRPC stubs that allow remote invocation of arbitrary page functions, and invasive antidebug/crypto hooks (overwriting eval/Function/toString/call/apply, console, Promise and crypto wrappers) that can capture or expose keys/tokens and hide instrumentation — together enabling remote code execution and exfiltration of sensitive data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and inspects an arbitrary "Target URL" in a real browser via chrome-devtools-mcp (see SKILL.md Phase 1 "Connect to a real browser via chrome-devtools-mcp and open the target page" and references/devtools-capability-matrix.md, which allows evaluate_script, network/request reading and console/log capture), so untrusted third‑party page content is ingested and used to drive hooks, analysis, and generated actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 19, 2026, 07:14 AM
Issues: 3