js-api-extract
Fail
Audited by Snyk on Apr 22, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly extracts API keys/tokens via regex/commands and requests that the agent output "暴露的敏感信息 — API Key、...Token" ("exposed sensitive information: API Key, ...Token"), which requires handling and potentially emitting secrets verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill explicitly provides step-by-step tooling and regexes to locate and harvest API endpoints, API keys/tokens, internal domains, and suggests authentication bypass and active fuzzing—actions aimed at collecting and exploiting sensitive credentials/endpoints, which are high-risk malicious behaviors.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md and references/js-extract-patterns.md explicitly instruct the agent to curl and download JavaScript files, source maps and Wayback Machine archives from arbitrary target URLs (e.g., Phase 1 commands using "$TARGET" and the script that downloads and parses JS), so the agent ingests untrusted third-party web content and uses it to extract endpoints/keys that drive subsequent actions.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata