acestep

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs the agent to ask the user for an API key and shows example commands that embed the key as a command-line argument (e.g., ./scripts/acestep.sh config --set api_key "your-key" / ), which would require the LLM to handle or output the secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls external ACE-Step API endpoints (configurable api_url, e.g., https://api.acemusic.ai) — notably /v1/chat/completions and /release_task /query_result — and the scripts parse and act on returned JSON fields (prompt, lyrics, metas, and audio file paths) to decide downloads and subsequent workflow, so untrusted third-party responses can influence tool actions and outputs.