aminer-data-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt both requires including an Authorization token in request headers and instructs patterns that expose it (asking users to paste "Here is my token", showing CLI examples with --token , and requiring output of "function name + parameter JSON" before calls), which creates a realistic need to handle or output secret values verbatim despite advising not to—thus posing a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests public AMiner data from the AMiner Open Platform (BASE_URL https://datacenter.aminer.cn and console/docs links in SKILL.md) — e.g., person_search/paper_qa_search and other API calls in scripts/aminer_client.py — and then programmatically selects candidates and drives follow-up API calls based on those results, so untrusted third‑party content can materially influence subsequent tool use and workflow decisions.