orca-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and commands (e.g., orca fill --element @e2 --value "s3cret" and orca cookie set --name --value ) explicitly show placing passwords/cookie values directly into CLI arguments, which would require the LLM to output secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser automation explicitly fetches and ingests arbitrary public pages (e.g., "orca goto --url " followed by "orca snapshot" and "orca exec --command 'get text/html'") and instructs the agent to read and act on that content, so untrusted third-party web content can materially influence subsequent tool actions.