famou-experiment-manager

Fail

Audited by Snyk on Apr 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to input an API_KEY and instructs running a command that embeds that key verbatim (python3 scripts/config.py write <YOUR_API_KEY>), which requires the LLM to handle/output the secret directly and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill calls the external Famou service via famou-ctl (see SKILL.md commands like "famou-ctl experiment status/logs/results" and the DEFAULT_API_URL https://pro-service.famou.com) and parses experiment status, logs and results. That is third-party/user-generated content that the agent reads and uses to decide polling, retries, deletions, and other follow-up actions, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill's setup step recommends running "pip install famou-sdk -i https://pip.baidu-int.com/simple --pre", which fetches and installs remote Python code from the specified index (https://pip.baidu-int.com/simple) and is a required dependency for the famou-ctl CLI, so this external URL can cause execution of remotely supplied code during runtime/setup.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 05:39 AM
  • Issues: 3