music-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and returns pan share links and their "extractCode" (提取码/密码) in JSON and instructs the agent to present them to users, which requires emitting secret access codes verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls a web-search bridge and performs JavaScript deep scraping of public pages (see music-search.js: callWebSearch, searchViaDeepExtract and parse/extractPageUrls) and scripts/shared/deep-extract.js (searchBaidu, fetchPageContent, batchFetchAndExtract) to fetch and parse arbitrary public webpages and search results (untrusted/user-generated content), and those parsed contents are directly used to extract links, extract codes, score/select pages, and drive the agent's search/resolution decisions.