jeecg-system

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to provide an X-Access-Token (JWT) and shows examples embedding that token verbatim in command lines and init_api(...) calls, which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and interprets data from an arbitrary JeecgBoot backend URL supplied by the user (see SKILL.md and scripts/system_utils.py — init_api/_request calling endpoints like /sys/api/getDictItems, /sys/role/list, /sys/dict/getDictItems/… and scripts/system_creator.py which runs queries and then conditionally creates or binds roles/dicts), so untrusted third‑party content from that backend can directly influence subsequent API calls and control flow.