netease-music-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). 该技能指示使用命令（例如 ncm-cli config set privateKey <你的privateKey>）将 API 密钥/私钥作为命令行参数或明文配置，意味着代理可能需要生成或处理包含密钥原文的输出，存在明显的密钥泄露风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to run ncm-cli commands (e.g., "ncm-cli search song", "ncm-cli commands") that query the public NetEase Cloud Music service and consume search/playlist/song metadata (public/user-generated content) which the agent must read and act on as part of its workflow, exposing it to untrusted third-party content.