youdaonote

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask for and then insert user API keys verbatim into CLI commands (e.g., youdaonote config set apiKey <用户提供的Key> / YOUR_KEY), which requires the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes a webpage clipping feature (youdaonote -s ydn clip "https://...") described in SKILL.md and explicit content-inspection rules (detecting Markdown features and choosing save/update behavior), meaning the agent fetches and interprets arbitrary public web pages whose untrusted content can change how it constructs commands and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill mandates executing a remote install script at runtime via "curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash", which fetches and directly executes remote code as a required dependency, posing high risk.