media-analyze

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs constructing Authorization headers with TAVILY_API_KEY and extracting/including Weibo SUB/SUBP cookies in request headers, which requires embedding secret values verbatim into generated requests/outputs and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow and subagent templates explicitly fetch and ingest untrusted public web content (e.g., so.toutiao.com, wx.sogou.com, cn.bing.com, m.weibo.cn and Tavily API raw_content) and require the agent to read and synthesize full articles/posts to drive analysis and conclusions, enabling indirect prompt injection from third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The README includes a curl|bash installation command that fetches and executes a remote install script from https://raw.githubusercontent.com/hwj123hwj/custom-skills/main/media-analyze/install.sh (and that install.sh in turn downloads additional skill files), which clearly fetches remote code and executes it as part of setup, making it a high-risk runtime/execution dependency.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 07:28 AM
  • Issues: 3