weibo-hub

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to source an offloaded env file and capture/parse os.environ (COOKIE_* including SUB/SUBP) and then call setup_credential(cookies), which causes secret cookie values to be read into the agent's context and handled directly, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and scripts/client.py explicitly call public Weibo endpoints (BASE_URL=https://weibo.com and MOBILE_BASE_URL=https://m.weibo.cn) to fetch hot searches, feeds, search results, post details, comments and user profiles (user-generated, untrusted third‑party content) which the agent is expected to read and act on as part of its workflow, enabling indirect prompt injection.