daily-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains plaintext node_token values and references feishu obj_token fields that the agent would need to use or may be asked to include verbatim (e.g., in API calls or outputs), so it requires handling secret tokens directly and poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md workflow explicitly requires fetching "过去12-24小时AI新闻" and lists web_search / web_fetch as dependencies, so the agent ingests open/public news sources (untrusted third‑party content) which are then parsed and used to generate reports and trigger downstream actions like creating/sending Feishu documents.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). Two high-entropy, non-truncated token-like values are present in the yaml under wiki_parents.node_token:
• "LmZ6wKwTViA4bSkVSYfcJGFcnRf"
• "Nwwiwh6PNiesZqkWNw7cWegjn2c"

These are not placeholders, are not simple/setup passwords, and look like real service access tokens (sufficient entropy and format). I did not flag the example feishu_doc.obj_token ("...") because it is a placeholder/truncated value.