faceswap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill mainly uses environment variables (secure), but it also shows and instructs replacing placeholders with an actual API key and permits a --api-key argument, which can lead the agent to emit or include secret values verbatim (Authorization: ApiKey ), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly requires downloading remote videos (YouTube, Bilibili) via the yt-dlp-downloader-skill and fetching images with curl, so the agent ingests arbitrary public/user-generated content (from those third‑party URLs) which is used to determine duration, trimming, uploads, and job creation and therefore could enable indirect prompt injection.