vipshop-img-product

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains literal hardcoded credentials in the script files.
    • scripts/img_search.py contains a hardcoded API_KEY string used for API authentication.
    • scripts/exchange_link_builder.py contains a hardcoded 64-character secret key in the _get_secret function, which is used for generating HMAC-MD5 signatures for authentication links.
  • [DATA_EXFILTRATION]: The skill reads sensitive authentication data from a local file and sends it to external servers.
    • Both scripts/img_search.py and scripts/exchange_link_builder.py access ~/.vipshop-user-login/tokens.json to retrieve the user's PASSPORT_ACCESS_TOKEN and mars_cid.
    • These sensitive identifiers are subsequently transmitted to VIPShop's API endpoints (e.g., mapi-file-tx.vip.com, mapi-pc.vip.com) or embedded in generated product links.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data without sanitization.
    • Ingestion points: The skill accepts user-supplied local image file paths and retrieves product details (including selling points/labels) from external VIPShop APIs.
    • Boundary markers: None identified in the prompt instructions or scripts to separate user/API data from instructions.
    • Capability inventory: The skill performs network requests (POST/GET via urllib), reads sensitive local files (tokens.json), and executes local Python scripts.
    • Sanitization: The script extracts values (labels) from the API response and returns them to the agent. SKILL.md then instructs the agent that it "must fully display all data returned by the Python script", with no mention of sanitizing or filtering potentially malicious text returned from the API.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 07:04 AM