ima-notes
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the user to copy the client_id and api_key and provide them to CountBot, so that the agent receives those secrets and inserts them into config.json, which requires handling API keys verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated notes from the IMA OpenAPI (e.g., openapi/note/v1/search_note_book and openapi/note/v1/get_doc_content called in scripts/ima_tool.py and described in SKILL.md/config.help.md against https://ima.qq.com), and those note contents are read and used by the tool (search/read/resolve/append flows), so untrusted third-party note text could materially influence decisions or subsequent tool actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata