yes-zh

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to run commands like cat config.yaml | grep key and "貼出實際值" (paste the actual value) and allows requesting passwords, which requires reading and outputting secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged because SKILL.md explicitly requires using WebSearch ("先查再問" and the "五步自檢" step ② "WebSearch 搜完整錯誤訊息"), which instructs the agent to fetch and read open web content that can influence diagnostics and next actions, exposing it to untrusted third‑party content.