content-digest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该 skill 明确要求对图片与文本“逐字提取”“金句摘录（逐字引用）”并写入笔记，若输入包含 API 密钥/密码/令牌 等敏感字符串会被原样输出，存在凭据外泄风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because the required workflow explicitly fetches and ingests arbitrary public webpages and network images (see "第一步：识别输入类型并获取内容" showing WebFetch(url) and the network-image flow using insert_image(url) + read_image) and then uses that content to generate notes and actionable items, so untrusted third‑party content can influence the agent's outputs and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls WebFetch(url) and insert_image(url) at runtime to fetch arbitrary external pages/images (e.g., https://example.com/article) and inject their content directly into the model context to drive its prompts, creating a clear risk of prompt injection or remote-controlled content influencing agent behavior.