Geek-skills-seedream-imagegen

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This prompt contains examples that embed API keys directly in CLI args and code (e.g., --api-key YOUR_API_KEY and SeedreamImageGenerator(api_key="your_api_key_here")), which would require the agent/LLM to include secret values verbatim and therefore poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary external reference image URLs (see "使用参考图像" in SKILL.md and the image_input parameter) and the script (scripts/generate_image.py) includes those URLs in API requests and even fetches image URLs via requests.get, so untrusted third‑party content is ingested and can directly influence generation behavior.