byted-web-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to paste their API Key into the chat ("API Key 直接在本聊天框发给我即可"), which requires the LLM to receive and handle secret values verbatim (high exfiltration risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the code sends user-supplied API keys/queries to a non-official endpoint (INTERNAL_API_URL = "https://open.feedcoopapi.com/...") and the documentation explicitly instructs users to paste secret keys into chat, which together create a clear credential-exfiltration vector; there is no obfuscated backdoor or remote-exec code, but the external proxy usage plus social-engineering guidance is a deliberate abuse pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md and scripts/web_search.py) explicitly performs live web/image searches via the 火山引擎 WebSearch API (e.g., INTERNAL_API_URL / mercury.volcengineapi.com) returning public webpage snippets/URLs which the agent is instructed to call “优先调用本 skill 再作答” and use to inform answers, so untrusted third‑party content is fetched and can influence subsequent actions.