bilibili-video-download

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly allows embedding user cookie/session secrets (e.g., --auth "SESSDATA=...; bili_jct=...") into commands when manual authentication is requested, which requires the model to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and references (notably SKILL.md steps and references/supported-inputs.md) explicitly require the agent to accept and act on arbitrary public Bilibili URLs (user-provided/open web content) and to consult external sites (https://yutto.nyakku.moe/ and https://github.com/yutto-dev/yutto), so untrusted third‑party, user-generated content is fetched/ingested and can change command assembly and execution decisions.