qa-systematic

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask for test credentials and to authenticate/store session data, which implies the agent will receive and use secret values (and may need to embed them verbatim into requests/scripts), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly navigates to and crawls an application URL (Phase 2/3/4: "Navigate to root URL", "Map the primary navigation", "For each page, run the per-page checklist") potentially using Playwright/agent-browser, meaning it fetches and interprets arbitrary third-party web pages provided by the user — which could contain untrusted, instruction-like content.