meitu-upscale
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and recommends setting API keys via commands like meitu config set-ak --value "..."/set-sk --value "...", which requires embedding secret values verbatim on the command line (an exfiltration/high-risk pattern).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and downloads images from arbitrary URLs ("Execute → Input acquisition" using --image and "URL unreachable → download to /tmp/..."), and it uses a Read tool / visual inspection of those untrusted, user-provided third‑party images to decide model_type and subsequent commands, so external image content could materially influence tool choices and enable indirect prompt injection.
Issues (2)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata