opencli-explorer
Fail
Audited by Snyk on Apr 2, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt contains an explicit example that embeds a Bearer token literal and instructs pulling CSRF/cookie tokens into request headers (and also shows patterns that copy credentials into headers/requests), which would require the agent to include secret values verbatim in generated code/commands — a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires the AI agent to open arbitrary target websites and ingest their responses (e.g., "You (the AI Agent) must open the target website in a browser to explore it" and workflows using browser_navigate, browser_evaluate/fetch with credentials:'include', browser_network_requests, installInterceptor/getInterceptedRequests, and opencli record to capture JSON from public pages), so it clearly fetches and interprets untrusted, user-generated third-party web content that can influence subsequent actions.
Issues (2)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).