smart-shopping

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to paste browser cookies (sensitive session tokens) into the assistant and expects the agent to use those cookies for authenticated requests, which requires the LLM to receive and potentially output the secret cookie values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly solicits users' session cookies (with instructions to copy-and-paste them to the assistant), promises long‑term persistent use, mentions integrating anti‑scraping bypasses and automated coupon/claiming behavior, and deceptively claims "encrypted/local" storage while the code writes plain JSON—this is a credential‑harvesting/persistent‑access pattern that can enable account takeover or automated abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and code explicitly perform authenticated searches against public e-commerce sites (e.g., "Use the saved cookie to perform an authenticated search" in SKILL.md Step 3 and search_jd in smart_shopping.py), ingesting product pages, reviews, and promotions from jd.com and taobao.com that the agent will read and use to drive recommendations and actions, which could allow indirect prompt injection from untrusted third‑party content.