note-copilot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract and insert verbatim sentences from other notes or web fetches (search_notes/read_note/WebFetch → extract 3-5 sentences → insert into the current note), which could cause the LLM to copy/paste API keys, tokens, or passwords found in source content into its generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — Step 5 ("处理 /// — 引用外部内容") explicitly allows "联网搜索" via "WebFetch 或内置搜索能力" to fetch web pages and extract paragraphs (including page titles and URLs) which the agent reads and inserts into the note, exposing it to untrusted public web content that can influence subsequent actions.