anti-distill

Fail

Audited by Snyk on May 15, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read user files and generate a "private backup" that includes "the original text of all ... marked as REMOVE/DILUTE, keeping the full context", which would require outputting any secrets (API keys, tokens, passwords) verbatim if present.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This document explicitly instructs how to sanitize skill files for submission while creating and preserving a private backup of removed proprietary knowledge (including guidance like "Take this list with you when you change jobs; it is worth more than any Skill file"), enabling deliberate insider data exfiltration and deceptive submissions. There are no technical backdoors, remote code-exec, or credential-theft routines, but the intent to facilitate theft and concealment of sensitive IP is clear and high-risk.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 15, 2026, 10:45 AM
  • Issues: 2