chat-with-anyone

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example passing the Noiz API key as a command-line argument ("python3 ... --set-api-key YOUR_KEY"), which requires embedding the secret verbatim in commands and risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md Workflow A explicitly instructs the agent to search for and download public videos from sites like YouTube/Bilibili/TikTok and read their auto-generated subtitles (A2–A4), so untrusted, user-generated third-party content is ingested and used to guide voice cloning and roleplay, enabling indirect prompt injection.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 12:39 PM
Issues: 2