dreamina-upload-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires supplying a sessionid and uses returned access_key_id/secret_access_key/session_token to build Authorization headers and curl commands, which forces secrets to be provided and potentially embedded verbatim in generated requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts HTTP/HTTPS URLs as input and fetches arbitrary user-provided images from the open web (then uploads/returns their URI), meaning it ingests untrusted third‑party content from arbitrary public URLs.