har-to-vue
Fail
Audited by Snyk on Mar 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt requires converting HAR fields (including request.headers, postData, cookies) into generated code/services without redaction, so secrets like API keys or bearer tokens present in HARs could be reproduced verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests HAR files exported from browsers (see SKILL.md/README instructions to "导出 HAR 文件" ("export the HAR file") and scripts/har_to_vue.ts's loadHarFile and generateApiCode, which parse entry.response.content.text), so it reads untrusted third-party response content and uses that content to drive code generation and naming decisions.