hundun

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill references an explicit set_api_key script and an auth flow that requires "writing the user-provided hd_sk_ key," which implies the agent will accept and pass raw API-key values to scripts (and may embed them in commands or outputs), creating a high risk of verbatim secret handling and exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill at runtime calls the Hundun API (base URL https://hddrapi.hundun.cn) to retrieve an AES-encrypted script_url which is decrypted and then fetched (decrypted_url) by scripts/get_script.sh, and that remotely fetched course content is injected into the agent's responses — i.e., external content fetched at runtime directly controls the agent's output.