resolve-kwai-cdn-url

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples and instructions to pass raw cookies and proxy credentials on the command line (e.g., --cookie "<YOUR_COOKIE>", --cookie-file, --proxy "http://user:pass@host:port"), which would require the agent to include secret values verbatim in generated commands/outputs, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's resolver scripts (e.g., scripts/kwai_extract_cdn.py and scripts/kwai_videodl_resolve.py) fetch and follow public Kuaishou URLs and GraphQL endpoints (https://www.kuaishou.com/graphql, m.kuaishou.com, v.kuaishou.com redirects, etc.) and parse HTML/INIT_STATE/JSON responses from those public pages as part of normal operation, meaning untrusted, user-generated third‑party content is ingested and directly influences the tool's decisions (which CDN URL to return).

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 27, 2026, 06:41 PM