anonymous-file-upload

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed tokens, private keys, passphrases, and secret tokens directly into commands/headers and output (e.g., "YOUR_DAKU_TOKEN", curl -H "daku: ...", printing privateKey, and share links containing the passphrase), which requires handling secrets verbatim and enables exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs mix legitimate documentation, IPFS gateways and GitHub/image hosting with multiple unvetted third‑party file‑hosting endpoints (transfer.sh, 0x0.st, filedrop.besoeasy.com, blossom.primal.net, 24242.io, generic IPFS gateways and a Docker image) that can host arbitrary archives or binaries without vetting, so while no explicit .exe/.msi links are present the collection constitutes a moderate-to-high distribution vector risk if file provenance and signatures are not verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mirror_web_content workflow (/remoteupload) and accompanying examples explicitly fetch and ingest arbitrary public URLs (e.g., curl POST with '{"url":"https://example.com/image.png"}'), and the decision tree and server-probing instructions show that this untrusted web content is read and can change routing/behavior (HTML handling, fallback probing), so it could enable indirect prompt injection.