skills-download

Fail

Audited by Snyk on Mar 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to obtain and write environment variables (including VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY) into a workspace file and make them effective, which requires handling and embedding secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (scripts/skills_download.py and SKILL.md) calls ListSkillsBySpaceId via ve_request and then downloads and extracts skill package zip files from arbitrary TOS buckets/paths using tos_client.download, thereby ingesting untrusted, user-provided skill packages that could contain executable instructions capable of influencing agent behavior.
Audit Metadata

Risk Level: HIGH
Analyzed: Mar 7, 2026, 04:12 AM