court-sms

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting account numbers and default passwords from SMS and using them in automated login/download steps (Playwright/HTTP), which requires embedding those secret values verbatim in generated commands or automation actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and automates browsing of public third‑party court platforms (e.g., zxfw.court.gov.cn, dzsd.hbfy.gov.cn, sd.gdems.com, jysd.10102368.com) per the SKILL.md workflow—downloading API responses and PDFs and parsing their text—which the agent is required to read and use to decide downloads, case matching, and appeal‑deadline calculations, exposing it to untrusted external content.