B
75/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
75/100
CRITICAL 1
Findings (1)
CRITICAL
Text combines credential access with network transmission
L404 Text combines credential access with network transmission
Vulnerability: Without blocking, a malicious prompt could destroy data or exfiltrate credentials. FIX
Remove the combination of credential access and network transmission from the tool. If the tool needs credentials, access them via a secrets manager and never transmit them externally.
FP?
Likely FP if the tool legitimately uses credentials for API authentication (e.g., reading an API key to make authenticated requests to the same service).