xianyu-monitor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed sensitive secrets verbatim (e.g., --cookie "your_cookie_string" and proxy URLs with user:pass) and instructs using a login state file, which encourages the agent to generate commands containing raw cookies/credentials—creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's spider.py explicitly fetches and intercepts API responses from the public marketplace https://www.goofish.com (Xianyu) and the SKILL.md/architecture docs state the AI reads and analyzes the returned JSON items to make recommendations and trigger notifications, so untrusted user-generated listings can directly influence agent decisions.