tingwu-asr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs extracting browser cookies and saving them via a CLI command (and allows storing account passwords in .env), which requires embedding secret cookie/token/password values verbatim into commands/files—an explicit secret-exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's runtime contacts the public tingwu.aliyun.com service (see scripts/tingwu.py, transcribe.py and poll_tasks.py) to fetch transcription results, lab analysis (get_lab_info) and PPT image URLs which it downloads (download_ppt_images) and then parses/uses to generate Markdown and AI summaries, meaning untrusted/user-generated content from third‑party web endpoints is ingested and can influence subsequent processing.