NYC

multimodal-looker

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). Because the skill explicitly extracts "已填写内容" (filled-in content) and text from screenshots/PDFs (forms, UI, etc.) without forbidding the return of sensitive fields, the agent may output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes arbitrary user-provided visual content (images, screenshots, PDFs, design drafts) as described in the "处理类型" (processing types) and example inputs, which are untrusted third-party content the agent will read and interpret.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:31 PM