exploiting-idor-vulnerabilities

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs copying session cookies/Authorization headers and setting TOKEN_A to a real Bearer/JWT value and then embedding that token in curl/extension configurations, which requires handling secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly issues HTTP requests to arbitrary target URLs (see scripts/agent.py and the SKILL.md/CLI examples using base_url/target.example.com), ingesting untrusted third‑party web responses that are parsed and used to decide vulnerabilities and drive further tests.