qiaomu-opencli-oneshot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting cookies/Bearer/CSRF values from network captures and shows templates that embed a bearer token literal or place secrets directly into fetch headers/code, which requires the LLM to include secret values verbatim in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly directs the agent to browser_navigate to an arbitrary provided URL and run browser_network_requests / installInterceptor and page.evaluate to capture and parse JSON API responses from that public site (e.g., Steps 1–3 and the TS templates), so untrusted third‑party content is ingested and used to determine requests and generated code/behavior.