katana-crawl

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill shows and recommends embedding authentication cookies directly in command lines (e.g., -H "Cookie: session=abc123"), which requires the LLM/user to supply and include secret/session values verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running katana against arbitrary target URLs (e.g., "katana -u http://target.com", -jc, -headless, -list, -jsonl) to crawl and parse JavaScript and web pages, which clearly ingests untrusted public web content (pages, JS, APIs) that can influence subsequent pipeline actions, so it exposes the agent to potential indirect prompt injection.