xiaohongshu-note-creator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to retrieve or ask for image-generation provider keys/ciphertext and embed them verbatim into CLI calls (e.g., --key "note:{id}" --ciphertext "{密文}" or asking the user to provide keys), which requires outputting secret values directly and is high-risk exfiltration behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 2 "read-image" and Step 5 image-generation) and the bundled scripts clearly ingest and download external images/URLs (scripts/image_gen.py accepts public --image URLs and _save_images/urlretrieve fetches provider-returned URLs), so the agent reads and interprets untrusted third‑party content (public image URLs and provider responses) that directly influences prompt construction and subsequent tool actions.