iconfont-downloader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for username/password and shows them embedded verbatim in tool call JSON (e.g., "password": "your_password"), which requires the LLM to handle and output secrets directly, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and scrapes content from the public Iconfont site and APIs (see searchByAPI, searchByScraping, fetchSVGFromDetailPage and browser.evaluate in scripts/index.* and SKILL.md), and it uses the returned titles, IDs, preview/svg URLs and page DOM to decide what to download and to drive fetch/download actions—so untrusted third‑party content can materially influence tool behavior.