threads-engagement

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs injecting session cookies (document.cookie = 'sessionid=VALUE;...') and typing user credentials/verification codes via browser commands, which requires the agent to emit secret values verbatim into generated commands—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and reads public Threads pages (see "browser_navigate → https://www.threads.net" and the "Check Activity for Reply-Back" / thread scanning steps) and uses user-generated posts/replies to decide, draft, and verify likes/replies, so untrusted third‑party content can directly influence agent actions.