byted-ark-trainer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires collecting API keys (ARK_API_KEY, VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY), asks the agent to prompt the user to provide and write them into a .env or export them via commands (e.g., export ARK_API_KEY=...), which forces the LLM to handle and may output secret values verbatim in commands or files — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow runs rollout/grader plugins via ark-trainer-helper train evaluate (Step 4 and RFT data-collect) and the Function Calling guide (references/模型精调数据集格式指南/Function Calling 样本要求.md) explicitly documents LinkReaderPlugin and WebSearchPlugin for parsing/searching web pages, meaning the agent will execute code that fetches and interprets open web content whose outputs directly determine BON/AON metrics and subsequent training actions.