xiaohongshu-cover-generator
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt tells the agent to check for the CANGHE_API_KEY or ask the user to provide it, and explicitly shows running the script with the API key as a command-line argument. This requires the LLM to handle and insert the secret verbatim, which creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill sends user-provided referenceImage URLs (scripts/handler.ts) to the external API at https://api.canghe.ai/, so it can ingest arbitrary public or user-hosted images that the model will read and interpret as part of generation, creating a clear path for indirect prompt injection.
Audit Metadata