xdrop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the full share URL including the secret fragment (#k=...) and shows examples embedding that URL verbatim in shell commands, so the agent would need to handle/output sensitive key material directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The download script (scripts/download.mjs) fetches the transfer descriptor via XdropDownloadApiClient.getPublicTransfer using the server URL parsed from a user-provided share link, then fetches descriptor.manifestUrl and the per-chunk URLs to download and decrypt arbitrary files hosted on that external Xdrop server, which are untrusted third-party content that directly drive what the tool fetches and writes.