scoutqa-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows examples where the agent is instructed to send plaintext credentials (username/password) in CLI commands (scoutqa send-message), which requires the LLM to include secret values verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run the scoutqa CLI against arbitrary --url targets (see "Step 2: Run scoutqa command" and multiple --url examples) and to "Extract and analyze results" / view remote reports at https://app.scoutqa.ai/t/, which means the agent will ingest and act on content crawled from public third-party websites that could contain untrusted, user-generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the ScoutQA CLI which runs tests remotely on ScoutQA's infrastructure and surfaces a live control URL (e.g., https://app.scoutqa.ai/t/), so at runtime the external service executes remote code and processes prompts the skill depends on.