sn-image-base

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt documents and exemplifies passing API keys directly (e.g., --api-key "sk-xxx" and provider apiKey fields), which encourages the agent to accept and emit secret values verbatim in commands/config, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and downloads arbitrary image URLs (scripts/sn_agent_runner.py recog_parser "--images" says "Image file paths or URLs" and scripts/sn_image_base/generation/sensenova.py downloads provider-returned image URLs) and invokes external VLM/LLM endpoints for sn-image-recognize and sn-text-optimize (SKILL.md and run_image_recognize/run_text_optimize), so untrusted third-party content and model outputs are fetched and directly interpreted to produce results, which could enable indirect prompt injection.