exhaustive-real-world-scenario-qa

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt reads or asks for user login credentials and explicitly interpolates Email/Password into agent prompts and Playwright commands (e.g., fill actions and executor prompts), which forces the LLM to include secret values verbatim in generated commands and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests external spec and design content (e.g., "--spec" Notion URLs via mcp__claude_ai_Notion__notion-fetch / Inkdrop MCP in Phase 1.1 and Figma URLs via the Figma Desktop MCP in Phase 1.5 of SKILL.md) and then uses that untrusted, third‑party content to generate and drive test cases and agent actions, so external content can materially influence tool behavior.