pixiv
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for their Pixiv Refresh Token and instructs them to run a CLI command that embeds the token as a direct argument (node ... login <REFRESH_TOKEN>), which requires the LLM to handle and output the secret verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's CLI and scripts (notably scripts/pixiv-cli.js and scripts/download-ugoira.js / pixiv-app-publish.js) call Pixiv APIs and download or print illustrations, rankings, user profiles, feeds and image files from pixiv.net and app-api.pixiv.net. This is public, user-generated content that the agent fetches and interprets as part of its workflow, so the agent is exposed to indirect prompt injection from untrusted third-party content.
Audit Metadata