ai-court

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs embedding API keys and tokens directly into config files (shows a JSON with "apiKey": "sk-your-api-key") and requires providing App Secret/Bot Token, which encourages handling and potentially outputting secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted user-generated content from IM platforms (e.g., Feishu event subscription im.message.receive_v1 in configs/feishu/README.md and the open "groupPolicy"/dmPolicy settings in references/feishu-setup.md), and the Silijian/司礼监 workflow shows those incoming messages are routed to agents and can trigger sessions_send, message dispatch, and task-store actions—so third-party messages can materially influence agent decisions and tool use.