[benchmark] Portswigger 0/10: investigate likely environment issue

[peaktwilight]

The 2026-04-11 overnight portswigger-bench run scored 0/10 with zero findings on all 10 PortSwigger Academy labs (reflected XSS, stored XSS, DOM XSS, SQLi). pwnkit routinely solves these categories on XBOW, so this is almost certainly an environment/auth issue (expired lab session, rotated URLs, or missing Burp token), not an agent limitation.

To investigate:

1. Check if the lab URLs in the runner still resolve
2. Check if any auth/session token expired
3. Run a single lab manually to confirm the agent can reach the target
4. If env issue confirmed, fix and re-run

See #72 batch 2 comment for the overnight results table.

[peaktwilight]

Root cause found

Checked the run log for 24280396421. Every lab fails with:

could not find academy-launchlab widget on https://portswigger.net/web-security/...
Launch timeout — no lab URL obtained

It's a scraping issue, not an auth or agent issue. The PortSwigger Academy page structure changed — the runner's lab launcher expects an academy-launchlab widget on the page, can't find it, and times out before the lab even starts. Every lab gets the same error.

Fix: update the widget selector in the portswigger runner to match the current PortSwigger Academy DOM. Likely a CSS selector or element ID rename on their end.

The agent never reached the lab — 0/10 with zero findings is exactly what you'd expect when the infrastructure can't even start the challenges.