58pic

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run shell commands that embed the user's API key verbatim (e.g., 58pic config init --api-key "<key>"), which requires the LLM to include secret values directly in its output/executed commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to execute 58pic CLI commands (e.g., "58pic search ... --format json", "58pic download ", "58pic same-style") that fetch/search/download content and JSON metadata from the public 58pic AI platform (a third‑party site that hosts user/public assets), and the agent is expected to parse those responses to drive follow-up actions like downloads or task submissions, which could allow untrusted content to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing and running external CLI packages fetched at runtime (e.g., npm install -g @58pic/cli or github:58pic-open/cli which points to https://github.com/58pic-open/cli, and npx skills add via https://github.com/vercel-labs/skills), so those remote repositories/packages would be fetched and executed as required dependencies for the skill.