macos-clipboard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to run pbpaste and display clipboard contents (truncated to 500 chars), which would force the LLM to output any secrets stored on the clipboard verbatim and thus enables exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly uses pbpaste to read and process the macOS clipboard (e.g., "pbpaste" and "读取剪贴板后，展示内容"), so the agent will ingest arbitrary user/third-party clipboard content (which may originate from untrusted public webpages or social media) and could be influenced by embedded instructions.