alibabacloud-das-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting and reusing verbatim session IDs and to relay the script's complete stdout unchanged (and to pass session IDs via --session), which forces the agent to copy and output tokens/credentials literally and thus enables secret exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the external DAS Chat API at https://das.cn-shanghai.aliyuncs.com/ at runtime to receive SSE assistant/tool messages that directly determine the agent's prompts/responses and is required for the skill to operate, so the fetched content controls agent output.