coding-assistant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill automatically reads code, clipboard, selected functions and writes them verbatim into WPS notes (including periodic automatic updates), so any API keys, tokens, or passwords present in those sources would be captured and output directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to pull content from public third‑party sites (e.g., official docs URLs in SKILL.md and the reference that says to "抓图" or use images/text from 官网/掘金/维基 and to prefer official web docs) and to use those external sources as primary references when generating/updating WPS notes, so untrusted user-generated web content can be read and affect decisions; see SKILL.md and reference/reference.md (esp. §2.1 and §0.2/§2) for this workflow.