tos-file-access

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly directs the agent to obtain and write VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY into an environment file (and run commands to make them effective), which requires embedding secret values verbatim in outputs/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads arbitrary external URLs (see SKILL.md "Pre-Agent Execution: Download User Files") using scripts/file_download.py to fetch user-provided public URLs which the agent is expected to ingest and process, so untrusted third-party content can materially influence the agent's subsequent actions.