pw-image-generation

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High risk: the skill sends prompts and local image data to configurable external endpoints (defaulting to ai-router.plugins-world.cn), includes hard-coded API keys (one OpenAI-like key in config and an image-host key in upload code), and uses shell exec calls with unsanitized file/path interpolation — together these create clear data-exfiltration and credential-leakage risks (though no obvious obfuscated backdoor or reverse shell is present).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and analyzes arbitrary images from public URLs (see scripts/analyze-image.ts's downloadImage and analyze-image usage, plus references/图床上传.md and scripts/upload-image.ts which use public hosts like sm.ms and freeimage.host), and those analysis results are saved and later read by generate-image.ts to influence prompts, so untrusted third‑party content is ingested and interpreted as part of the workflow.