redbookskills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs extracting and reusing tokens (e.g., xsecToken / XSEC_TOKEN) and passing them directly as CLI arguments (--xsec-token) and embedding id/xsecToken verbatim in follow-up commands, which requires the LLM to output secret token values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web content — e.g., SKILL.md and docs/claude-code-integration.md state "用户只提供网页 URL：先提取网页内容与图片/视频" and the code (cdp_publish.py) captures search/feed API responses and page fetches from xiaohongshu.com (search-feeds, get-feed-detail, get-notification-mentions), so untrusted third‑party/user-generated pages and social posts are read and used to generate drafts and drive publishing actions.