byted-marketing-agent-trending-list

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to request user AccessKey/SecretKey and then append them to CLI calls as --ak/--sk (stored in VOLC_AK_INPUT/VOLC_SK_INPUT), which requires embedding user secrets into generated commands/requests and thus risks verbatim secret handling/exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md Step 1/Step 2) and scripts/openapi_client.py explicitly call the external Volcengine API (host cdp-saas.cn-beijing.volcengineapi.com / PUBLIC_INSIGHT_API_URL) using list-industries and query to fetch trending/public content (e.g., related video titles, links, summaries, analysis) that the agent parses and uses to format results and drive follow-up actions, so it clearly ingests untrusted/user-generated third‑party content that could carry indirect prompt injection.