story-short-scan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs reusing a logged-in Chrome session and extracting a Bearer token from cookies to call backend APIs, which requires the agent to include secret tokens verbatim in requests/commands (high exfiltration risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content contains explicit credential-extraction behavior: scripts instruct reusing a user's logged-in Chrome session and extracting an Admin-Token cookie via CDP to call backend APIs (ms.zhangwenpindu.cn), enabling unauthorized access to private platform data and potential misuse; there is no obfuscation or remote shell but the deliberate token-stealing / authenticated-API access pattern is a high-risk data-exfiltration/credential-theft capability.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged: the SKILL.md and accompanying scripts explicitly direct the agent to use browser-cdp to fetch and scrape public third‑party sites (e.g., https://www.ishugui.com/browse and the 黑岩 management site / ms.zhangwenpindu.cn API) and ingest that untrusted, user-generated web content into analysis that directly drives recommendations and next actions.