xianyu-data-grabber
Fail
Audited by Snyk on Mar 29, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs users to copy Gitee tokens and Xianyu cookies into a config file and shows examples that embed Authorization headers/credentials (e.g., curl -H "Authorization: Bearer YOUR_TOKEN"), which requires the agent to include secret values verbatim in commands/requests and thus creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's grabber scripts (grabber.js / grabber-enhanced.js) use Playwright to visit and scrape public listing pages on https://www.goofish.com/ (闲鱼) and then OCR/parse those user-generated pages; the parsed results are consumed by recommend.py and by the upload/report workflows to drive decisions and actions. The skill therefore ingests untrusted third-party content that can materially influence its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill documentation includes runtime commands that fetch and execute remote code, e.g. INSTALL.md's "curl -sL https://raw.githubusercontent.com/your-username/xianyu-data-grabber/main/install.sh | bash" and the updater that downloads https://gitee.com/$GITEE_OWNER/$GITEE_REPO/archive/main.zip. These run remote content during execution and can therefore control or replace the skill's code, which is high-risk.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).