byted-link-reader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to ask the user for ARK_API_KEY/MODEL_AGENT_API_KEY and then write them into a workspace environment file (appending or emitting environment lines), which requires the LLM to handle and output the secret values verbatim into commands/files, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and scripts/link_reader.py explicitly instruct the agent to fetch and return titles and main content from arbitrary webpages, PDFs, and Douyin video URLs (user-provided URLs) via the AsyncArk "LinkReader" call, which exposes it to untrusted third-party content that could carry indirect prompt injections.