dot-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks users to provide app_id/app_secret, OAuth codes and access tokens and shows examples and CLI/Python calls that embed those secrets (e.g., --user-token, Authorization: Bearer {app_access_token}) which would require the LLM to include secret values verbatim in generated commands/code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Step 2 "原材料导入" / "Source Material Import" and the celebrity research subflow) explicitly fetches and ingests external, user-provided or public web content—e.g., Feishu auto-collector and feishu_browser.py (reading feishu_url), feishu_mcp_client.py, dingtalk_auto_collector.py, slack_auto_collector.py, download_subtitles.sh and the "web-only" research steps—and those Read/collector outputs are directly consumed by the analysis and generation pipelines, so untrusted third‑party pages and user-generated content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The repository URL https://github.com/titanwings/colleague-skill is referenced as the runtime install source (git clone / "Install the dot-skill skill for me" that an Agent will clone) and thus would fetch remote code (prompts/tools) that the skill then runs or uses to control prompts and behavior—constituting a required runtime dependency that executes remote code.