byted-link-reader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to ask the user for ARK_API_KEY/MODEL_AGENT_API_KEY and then write them into a workspace environment file (appending or emitting environment lines), which requires the LLM to handle and output the secret values verbatim into commands/files, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md and scripts/link_reader.py) explicitly instructs running link_reader on arbitrary public URLs (web pages, PDFs, Douyin videos) and returns their titles and content, so the agent ingests untrusted third-party content that could include instructions and influence subsequent behavior.