wps-airpage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.95). The skill explicitly includes a manual fallback of passing cookies and CSRF tokens as command-line arguments (e.g., auth --set-cookie ... --set-csrf ...), which requires embedding secret values verbatim in commands and so poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and commands (SKILL.md / AGENTS.md and references/block-ops.md) explicitly fetch and parse user-generated AirPage documents and search results from https://365.kdocs.cn (e.g., node scripts/cli.js search / query / convert and the POST https://365.kdocs.cn/api/v3/... execute endpoint), so the agent routinely ingests untrusted third‑party document content which can directly determine block IDs, indices, and subsequent edit/comment actions—enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README explicitly instructs agents to fetch and load runtime instructions from https://raw.githubusercontent.com/ioopsd/wps-airpage/main/AGENTS.md (via curl), which would inject remote content that directly controls agent prompts/behavior at runtime.