byted-podcast-tts

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). It tells the agent to prompt for a missing MODEL_SPEECH_API_KEY (or accept it as a command-line parameter) and then set/use it, which requires the agent to receive and potentially embed the secret value verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary webpage/file addresses via the --input_url parameter (documented in SKILL.md and implemented in scripts/podcast.py) and sends them as input_info.input_url to the remote WebSocket endpoint (wss://openspeech.bytedance.com...), meaning untrusted third‑party page content can be fetched and directly influence generation.