broken-authentication
Fail
Audited by Snyk on May 14, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's workflows and examples explicitly show embedding passwords, session cookies, JWTs, and Authorization headers (e.g., username=test&password=test123, Cookie: SESSIONID=abc123, Authorization: Bearer ...), meaning an agent following it would be expected to insert real secret values verbatim into requests/commands.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content provides detailed, actionable instructions for credential theft, account takeover, and detection-evasion (brute force, credential stuffing with breached lists, OTP brute-force, rate-limit/IP/header rotation, host‑header token capture), which are techniques that enable deliberate malicious abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md core workflow explicitly instructs the agent to fetch and analyze responses from arbitrary target websites (e.g., requests to https://target.com/login and session cookie collection in Phase 1/6, username-enumeration API responses in Phase 3) and to ingest public breached datasets (e.g., "Have I Been Pwned") — untrusted third‑party content that the agent must interpret to decide subsequent test actions.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata