ai-news

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly documents a headless login using a --token CLI argument (and similar webhook URL settings), which encourages embedding secrets directly in generated commands and could cause the agent to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly includes an "Analyze a URL" workflow (ai-news url:analyze --url and ai-news url:status) that submits arbitrary external URLs for extraction and analysis, so untrusted third-party page content is ingested and used to drive summaries/decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The ai-news CLI explicitly states that business commands are "dynamically loaded from the server" at runtime (server URL: https://ai-news.stringzhao.life), meaning remote content can change/define CLI commands and thereby directly control agent instructions or behavior.