media-downloader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Insecure: the prompt explicitly instructs the agent to ask the user to "粘贴给我" (paste the API key) and then embed that secret verbatim into shell commands to export it, which requires the LLM to receive and output the secret value directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly searches, fetches and ingests content from public third‑party sources (Pexels, Pixabay, Unsplash and YouTube via yt-dlp, including downloaded media and yt-dlp JSON search results/cookies) as part of its normal workflow, exposing it to untrusted/user‑generated content that could enable indirect prompt injection.