create-tests
Fail
Audited by Snyk on May 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to prompt for provider API tokens/keys and "Save any provided token or key to the test project's .env" (and to write auth-related files), which requires the LLM to accept and write secret values verbatim into project files.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Phase 4 workflow explicitly opens browser sessions at the user-provided starting_url and uses inspect_page/get_locators to read live DOM and page content (see "Walk through the flow — use inspect_page" and "Always read the DOM file first"), meaning arbitrary third‑party webpages can be ingested and directly influence the agent's actions and test-generation decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly reads live MCP resources at runtime—shiplight://yaml-test-spec-v1.3.0 and shiplight://schemas/action-entity—to drive the YAML language, action catalog, and agent behavior, so these external resources directly control the agent's instructions.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata