session-pretty-replay

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads user-provided session JSON/JSONL and outputs formatted replay strictly based on the input (to STDOUT or a file) without redaction, so any API keys/passwords/cookies present in the session would be reproduced verbatim and exposed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because the skill explicitly ingests and formats arbitrary user-provided session JSON/JSONL files as part of its workflow (see "读取输入文件: 读取用户提供的会话JSON/JSONL文件" and similar), which are untrusted user-generated content that the agent will read and render and could contain indirect prompt injections.