dingtalk-ai-web-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It asks the user to paste the MCP configuration JSON (including a URL that may contain tokens) and explicitly instructs embedding that JSON verbatim into CLI commands (-c '...'), which requires the agent/LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls an external MCP "web_search" service (e.g., via the MCP gateway URL like https://mcp-gw.dingtalk.com shown in SKILL.md and invoked by scripts/search.sh) to fetch and parse live web search results/snippets from public websites, so the agent ingests untrusted third‑party content as part of its normal workflow.