shareone

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly expects the agent to read script outputs that contain API keys (e.g., KEY_FOUND:<api_key>, GUEST_KEY_CREATED:<api_key>) and even requires immediately sending temporary API keys to the user, which forces the model to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). In the required runtime path for comment processing (workflows/comments-process.md), the skill calls node scripts/shareone_api_request.js "/api/v1/shares/<SHARE_ID>/comments?status=unresolved" and later .../download, ingesting outsider-authored ShareOne comment text and page content into the agent’s context for “综合理解整个 thread” and “精准应用修改”.