baidu-drive

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and workflows require embedding share extraction codes or passcodes (e.g., ?pwd=abcd or -p abcd) into bdpan command lines and would cause the agent to include user-provided authorization codes/passcodes verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and processes arbitrary public Baidu Pan share links and remote backup files (see SKILL.md examples like bdpan download "https://pan.baidu.com/s/1xxxxx" and the memory-backup.sh restore flow which _bdpan_downloads manifest.json and backup files and then merges them), so untrusted third-party content is ingested and can materially influence actions (including restoring agent memory).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's install script (scripts/install.sh) downloads and executes a remote installer at runtime from https://issuecdn.baidupcs.com/issue/netdisk/ai-bdpan/installer/${VERSION}, which is fetched and executed as part of the skill's installation flow (remote code execution risk while required when bdpan is not present).