vipshop-product-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires displaying product links that may include "exchange token" URLs and directs checking ~/.vipshop-user-login/tokens.json, so the agent is likely to output session tokens/URLs verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's search.py explicitly fetches and parses JSON from public VIP.com APIs (e.g., https://mapi-pc.vip.com/... in search_products and get_product_details) and SKILL.md/README require the agent to read product titles, sellTips, images and links and use them to decide paging and follow-up product-detail calls, so untrusted/public seller-generated content could influence agent actions.