mo-shared

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs asking users for their API key and shows CLI commands that embed the key as a command-line argument (e.g., mocli auth init --apik ), which creates a strong risk that the LLM will need to include secret values verbatim in output despite a prohibition elsewhere.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly runs the mocli CLI and parses its JSON reply (SKILL.md "通用执行流程" [General execution flow] and "响应解析规则" [Response parsing rules]), ingesting user-generated public content from the 墨问 platform (notes, users, meta.alerts/meta.hints), which can contain actionable hints or commands (examples in references/mocli-output-proto.md), so untrusted third-party content is read and can materially influence actions.

Audit Metadata

Risk Level: HIGH
Analyzed: May 8, 2026, 12:42 PM
Issues: 2