alibabacloud-quickbi-smartq

Fail

Audited by Snyk on Apr 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to extract user-provided api_key/api_secret/user_token values and directly write them into configuration files (and prohibits just instructing the user to set env vars), meaning the LLM must handle and emit secret values verbatim when performing file edits — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary QuickBI dashboard URLs and calls scripts (e.g., scripts/fetch_dashboard_data.py described in references/dashboard/module-dashboard.md and SKILL.md Phase 2) to fetch and parse the dashboard JSON (including richTextComponents) and then uses that parsed content to drive routing, generate SKILL.md, and determine query/tool behavior, meaning untrusted user-provided dashboard content can materially influence agent actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 24, 2026, 02:38 AM
  • Issues: 2