kuroco-server-processing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed API keys, tokens, and webhook URLs directly in headers and template calls (e.g., "Bearer YOUR_API_KEY", webhook_url="https://hooks.slack.com/services/xxx/yyy/zzz", "token YOUR_GITHUB_TOKEN"), which instructs generating output that contains secret values verbatim and therefore creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents runtime calls to external, user-controlled sources—e.g., Part 2 "外部API呼び出し" shows {api_request url='https://api.example.com/endpoint'} and other plugins (slack_get_message, twitter_post_message, assign_manifest_json with URLs, api_request/gitHub APIs) that fetch and assign third‑party content into template variables which are then read and used in control flow, so untrusted external content can influence actions.