1688-shopkeeper

Fail

Audited by Snyk on Mar 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the user to provide their 1688 AK (e.g., "我的AK是 xxx", that is, "My AK is xxx") and shows commands like cli.py configure YOUR_AK and ALI_1688_AK=xxx, which requires the agent to accept the secret and likely embed it verbatim in commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly fetches product listings and markdown from the public 1688 API (see scripts/_api.py, where search_products calls https://ainext.1688.com/1688claw/skill/searchoffer, and references/search.md + scripts/search.py, which require the agent to output and analyze the returned markdown and data.products[].stats). Those untrusted, user-generated supplier descriptions/stats are read and used to decide or push further actions (e.g., publish), so third-party content can materially influence tool use.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 25, 2026, 10:29 PM
Issues: 2