dingtalk_channel_connect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to "获取并展示 Client ID 与真实 Client Secret", which requires reading and outputting secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill launches a headed browser to open and snapshot the public DingTalk developer site (https://open-dev.dingtalk.com/) and to download user-supplied image links, and it explicitly reads/interprets page text/structure from those third‑party pages to decide clicks/uploads and next actions, so untrusted web content can materially influence the agent's behavior.