jimureport

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires asking for X-Access-Token and YApi login credentials and then embeds those secrets verbatim into CLI commands, Session initializers, and preview URLs (e.g., ?token={token}), which forces the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires fetching and ingesting data from external API endpoints and the public YApi platform (see "API 数据集快速路径" and "YApi Mock 数据源" / use of parse_api(session, api_url) and create_mock against https://api.jeecg.com), meaning untrusted/user-provided web content is parsed and can influence dataset/chart creation and subsequent actions.