agent-swarm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask for user-provided API keys and shows examples of generating configuration JSON that embeds an "apiKey" value (e.g., "sk-xxx（用户提供）"), which requires the LLM to include secret values verbatim in its output and thus poses a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). 是——技能明确让子智能体（例如 SKILL.md 中的 researcher、pm、github-tracker）使用 web_search / web_fetch 并在多处 sessions_spawn 示例中直接“搜索 LangChain/AutoGPT/...”并将搜到的外部资料作为输入供后续 writer/coder/automator 等智能体继续处理与决策（SKILL.md 的“可用智能体团队”表格与“编排流程”及示例代码），这意味着来自公开网页/论坛的非信任性第三方内容会被读取并能实质性影响后续工具调用与行为，存在间接提示注入风险。