competition-cloud-metadata-path

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to record and preserve "issued tokens or creds" and token/session details as evidence, which requires the LLM to handle and potentially output secret/token values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 该技能文档提供了明确、可执行的攻击性步骤用于利用云元数据服务和 SSRF 获取临时凭证、窃取身份并实现权限升级（凭证窃取与系统妥协的工具化玩法），具备明显的恶意/滥用潜力。