gangtise-copilot
Fail
Audited by Snyk on Apr 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to prompt for accessKey/secretAccessKey (or read them) and then write/embed those values into an authorization JSON and use them in a live authentication call, which requires the LLM to handle and potentially output secrets verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This wrapper installs and orchestrates upstream Gangtise skills that explicitly fetch and ingest third‑party content — e.g., gangtise-kb-client (kb.py) and gangtise-file-client (report.py/get_file) which pull research reports, opinions and WeChat messages, plus gangtise-web-client (web.py) which searches the open web via open.gangtise.com and files from gts-download.obs.myhuaweicloud.com — and the workflows (described in SKILL.md and references/skill_registry.md) consume and act on that untrusted content as part of analysis, so external content can materially influence tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.95). The installer script downloads and unpacks runtime skill code from the canonical OBS bucket (e.g. https://gts-download.obs.myhuaweicloud.com/skills/.zip) during execution, which provides required remote code that is installed and later executed by the agents — a clear runtime dependency that can control behavior.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata