express-bus-booking

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs creating helper pages and POST bodies that must include server-returned hold/session identifiers (e.g., pcpyNoAll, satsNoAll, estmAmt) verbatim in output, so the LLM would need to handle and emit sensitive booking tokens (not just field names), creating an exfiltration risk even though it doesn't ask for API keys or passwords.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's code and SKILL.md explicitly fetch and parse live content from the public KOBUS site (e.g., https://www.kobus.co.kr main.do, /mrs/alcnSrch.do, /mrs/satschc.do, /mrs/setPcpy.ajax, /mrs/stplcfmpym.do) and directly interpret that HTML/JSON to drive timetable parsing, seat selection, temporary holds, and checkout actions, so third‑party page content can influence agent decisions and tool use.