bypassing-authentication-with-forced-browsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes curl examples that embed session tokens (e.g., -b "session=valid_session_token_here") and tells the tester to compare authenticated requests using valid credentials, which requires placing secret values verbatim into commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (see scripts/agent.py and SKILL.md) actively fetches and parses content from arbitrary target URLs (e.g., enumerate_directories/test_endpoint/check_sensitive_files against https://target.example.com and user-supplied --target), which are untrusted public web resources and whose responses are used to drive tests and reporting—thereby allowing third‑party content to materially influence the agent's actions.