request-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs constructing and running CLI commands that embed the user-provided review text verbatim (e.g., --prompt "<提示词>"), so any secrets in that text or in checked alias/config values would be passed on the command line and exposed — a direct secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). 该技能在“来源二：指定编码代理”路径下会把用户提供的审查请求提示词发送到外部 CLI 代理（claude/cursor/kimi 等），其返回的审查文本会被读入并进入本代理的 LLM 上下文；该外部代理属于非操作用户/非本组织的第三方文本来源，存在间接提示注入风险。

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). 该提示明确要求严格执行示例 CLI 命令并包含 claude 的 --dangerously-skip-permissions 标志（指示绕过权限），同时要求读取终端配置并在系统临时目录写入结果 —— 实质上指示绕过安全检查并在主机上执行命令，属于高风险。