bilibili-video-helper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user to paste full Cookie values (and shows embedding an API key into an Authorization header) and to include them verbatim in curl/yt-dlp commands, which requires the LLM to receive and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated content from public Bilibili endpoints (e.g., comments via /x/v2/reply, subtitles via /x/player/v2 and subtitle URLs, and danmaku via yt-dlp) as part of its required workflow in SKILL.md, and that content is read and analyzed by the agent (summaries, storage decisions, ASR fallback), so untrusted third-party text could inject instructions.