webact

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit CLI examples that pass passwords, cookies, and other secret values as literal arguments (e.g., webact fill "#password" "secret", webact cookies set name val, and network/showing POST bodies), which encourages the agent to read and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and reads arbitrary public web pages (e.g., SKILL.md and MCP_INSTRUCTIONS.md describe commands like "navigate ", "read", "text", "search", and "readurls" which fetch and extract content from open/public websites), and the agent is instructed to read that content and base subsequent actions on it—meaning untrusted third-party page content can influence tool use and decisions.

Issues (2)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 20, 2026, 03:58 PM
Issues: 2