I built this POC almost a year ago and haven't really spent a lot of time in making the agent better since then. This was mostly an attempt to show that anybody could build similar offensive agents.
To answer your question though, I believe there could be a multi agent architecture such that if obfuscated jS is found, there could be a specialized subagent that can help with de-obfuscation of that jS and/or help retrieve secrets dynamically based on the URLs. This is all doable now. With subagents, hooks and skills - building a multi agentic architecture that handles such edge cases is definitely possible.
I built this POC almost a year ago and haven't really spent a lot of time in making the agent better since then. This was mostly an attempt to show that anybody could build similar offensive agents.
To answer your question though, I believe there could be a multi agent architecture such that if obfuscated jS is found, there could be a specialized subagent that can help with de-obfuscation of that jS and/or help retrieve secrets dynamically based on the URLs. This is all doable now. With subagents, hooks and skills - building a multi agentic architecture that handles such edge cases is definitely possible.