web-search

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). It explicitly instructs prompting the user for API keys (WEB_SEARCH_API_KEY, VOLCENGINE keys) and writing them into the workspace env file (embedding secrets), which requires the agent to receive and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) requires calling the web_search function and "organize the answer based on the returned list of summaries" (original: "根据返回的摘要列表组织答案"), and scripts/web_search.py clearly fetches/searches public web content via the open.feedcoopapi.com web_search API (and Volcengine API at mercury.volcengineapi.com) and uses the returned untrusted summaries to compose responses, so third-party content can influence agent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 8, 2026, 08:55 PM