dbs-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly reads user-created session files and instructs the agent to merge and reproduce fields verbatim (including "敏感信息...原样保留"), so any API keys/passwords or secrets present in those files would be output unchanged—creating a direct exfiltration risk.