lexiang-knowledge-base

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask users to provide the MCP access_token and to insert/replace ${LEXIANG_TOKEN} (and similar) into mcp.json or export commands, which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and supporting docs explicitly instruct the agent to fetch and read user-generated knowledge-base pages and external links (e.g., using search_kb_search, entry_describe_ai_parse_content, and file_create_hyperlink for mp.weixin.qq.com), so the agent ingests untrusted third‑party content as part of its workflow which can influence subsequent tool calls and actions.