readgzh

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs including API keys like Authorization: Bearer sk_live_... or ?key=sk_live_... in requests/URLs, which requires the agent to handle and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to call the readgzh.read API to scrape and ingest full-text WeChat Official Account articles (mp.weixin.qq.com), as shown in SKILL.md and openapi.yaml, meaning the agent will read untrusted, user-generated web content that can influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime calls to the external API https://api.readgzh.site to fetch full article text that is injected into the agent's context (effectively controlling prompts), and the skill depends on this API for its core functionality.