dida365-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows a command that requires passing a cookie token as a CLI argument (dida365 auth cookie ), which would force the model/user to include a secret value verbatim in generated commands — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls Dida365's public API (e.g. https://api.dida365.com/api/v2 and OpenAPI endpoints like GET /open/v1/project/{projectId}/data and the "sync all" endpoint) and ingests user-generated task/project/content fields which the agent reads and displays, exposing it to untrusted third‑party content.