use-other-model

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). 包含明确指令“绕过嵌套检查: unset CLAUDECODE”，这在引导如何规避平台/安全检查，属于越权/规避保护的命令，与技能声称的“在保证质量和安全前提下优化 token”目的不一致，构成隐藏/欺骗性指示。

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for API configuration and to generate/start scripts (execute-task.sh) that may embed those credentials (and even explicitly mentions deleting scripts that contain API keys), which implies the LLM would need to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly call MCP web tools (e.g., mcp__MiniMax__web_search in references/method-a-mcp-tools.md) and instruct launching independent child sessions using user-provided ANTHROPIC_BASE_URL/API credentials (references/method-b-independent-session.md and environment-variables.md), so the agent will fetch and read untrusted public/third‑party content (web search results and external model outputs) that can directly influence tool use and subsequent actions.