tos-file-access

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly directs the agent to obtain and write VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY into an environment file (and run commands to make them effective), which requires embedding secret values verbatim in outputs/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads arbitrary external URLs (see SKILL.md "Pre-Agent Execution: Download User Files" and scripts/file_download.py which calls requests.get on user-provided URLs) and those downloaded, untrusted files are intended to be processed by the agent, so third-party content could influence agent actions.