zettaranc-perspective

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for a Tushare token and then embed that token verbatim into commands and function calls (e.g., python -c "test_jnb_connection('用户给的token')" and write_env_file(token='xxx')), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and README explicitly require fetching and ingesting open/public third-party content (e.g., Tushare API in JNB mode via modules/tushare_client.py and data_sync, websearch mode, and scripts like scripts/batch_download_bilibili.py & batch_transcribe.py that download Bilibili/YouTube transcripts), and those fetched, user-generated/public sources are parsed and fed into the LLM as part of the mandatory Step 2 research workflow to drive trading decisions—so untrusted third‑party content can materially influence agent actions.