help-me-read

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reproducing web pages' original paragraphs verbatim (including code snippets or embedded tokens), so if those pages contain API keys, passwords, or other secrets the LLM would be instructed to output them directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md "执行流程" step 1 explicitly requires extracting URLs from the user's message or $ARGUMENTS and fetching the full text of those arbitrary webpages, so the agent will ingest untrusted third‑party web content (public URLs) that could contain instructions influencing its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary user-supplied URLs at runtime (URLs extracted from the user message / $ARGUMENTS) and requires their fetched text as the primary input that is injected into the model context to drive prompt outputs, so these external URLs can directly control the agent's behavior.