web-scraper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract Authorization headers, cookies, and API keys from the HAR and "replicate" them into generated scraping code (HEADERS/COOKIES), which requires including secret tokens verbatim in output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open arbitrary target URLs in a headed browser, capture and parse the resulting .har (e.g., "Open URL in headed browser + start HAR recording" and "Analyze the HAR file to identify data-serving API endpoints"), and then replicate headers/cookies and call discovered APIs—clearly ingesting untrusted, public third-party content that can influence subsequent tool actions.