kuroco-server-processing

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim (e.g., Authorization: "Bearer YOUR_API_KEY", GitHub token, and Slack webhook URLs) which instruct the agent to place API keys/webhook tokens directly into requests or headers, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md (Part 2 "外部API呼び出し" ("External API calls") and examples) explicitly shows using {api_request url='https://...'} and plugins like slack_get_message and ai_completion to fetch and assign external/user-generated content to variables (e.g., var='response') which are then read in conditionals and foreach loops (e.g., checking $response.errors, iterating $response.list), so untrusted third-party content can be ingested and materially influence subsequent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 02:07 AM