zimage-generation

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs users to paste API keys into the script and to pass secrets as command-line arguments (e.g., --api-key "your_key"), which requires the LLM to handle and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill directly calls the public ModelScope inference API (BASE_URL: https://api-inference.modelscope.cn/, e.g., POST to v1/images/generations and GET v1/tasks/{task_id}), parses/prints task JSON (including failure "Details") and downloads the returned output_images URLs—i.e., it ingests untrusted, third-party generated content as part of its workflow.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:44 PM