bggg-skill-taotie

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires reading and recording full skill files, tool-call sequences, execution traces and outputs (saved to trace.md/outputs) and running subagents, which can include API keys, tokens or passwords verbatim in commands or outputs, so it may force the LLM to handle and emit secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Phase 1 and Phase 2) explicitly reads the full contents of two other skills ("读取两个 skill 的完整结构"
• SKILL.md) and then runs parallel subagents that follow the reference skill B's instructions ("用 subagent 同时启动两个执行实例"
• Phase 2), meaning it ingests and acts on potentially untrusted third-party skill files (e.g., skills cloned from public GitHub as shown in INSTALL.md), which can materially influence agent behavior and tool use.