amap-map-google-maps-migration

Audit result: Fail

Audited by Snyk on Apr 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds real API keys (e.g., 40ffec9172a0dd65b7e224bb252b7e0b and b87b3d194a024295b1b17be020659457) and shows them used verbatim in code/URLs, so the LLM is required to output those secret strings directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's required workflow and code examples in SKILL.md explicitly instruct the agent to call and parse responses from public AMap endpoints (e.g., https://sg-restapi.opnavi.com, https://restapi.amap.com, https://sg-webapi.opnavi.com) to drive geocoding, search, directions and other runtime behaviors, so untrusted third-party content from those public APIs would be read and could materially influence subsequent actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill prompt for literal, high-entropy values that look like real API credentials. The prompt embeds two long, random-looking strings used directly as API keys in the docs and code examples:
      - Web Service API key: 40ffec9172a0dd65b7e224bb252b7e0b (appears in the Key table and multiple example URLs)
      - JS API key: b87b3d194a024295b1b17be020659457 (appears in the Key table and script src examples)

These are not placeholders (they are full-length, random-like strings used in live example calls), so they qualify as real, usable credentials per the definition. Notes and placeholders that I ignored: [YOUR_SECURITY_CODE], GOOGLE_KEY / G_KEY, and other obvious placeholders or simple example passwords are not flagged.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 30, 2026, 01:46 AM
Issues: 3