1panel-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该 Skill 要求用户提供 API Key 并展示在脚本中将该密钥用于计算 token 并用于请求头，这会让代理接收并可能在生成的命令/代码中包含秘密值，存在密钥外泄风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's API docs show it ingests external, potentially untrusted content — e.g., the Apps module exposes GET /apps/sync/remote (docs/SKILL-apps.md) to sync remote app-store data and the Cronjobs module supports scriptMode = "scriptUrl" (docs/SKILL-cronjobs.md), meaning the agent would read/execute third-party content that can change installs/commands and thus materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill exposes 1Panel APIs that include user management, hosts/SSH, firewall, service and file management — functionality that can modify system state (including creating users or changing SSH/service configs) and thus could be used to compromise the machine the agent runs on.