tech-analysis-reporter
Fail
Audited by Snyk on Feb 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
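- Insecure credential handling detected (high risk: 1.00). When it cannot access a private repository, the skill asks the user to "provide a Personal Access Token" and then performs clone/request operations, which means the agent may need to receive the token and use it in commands or requests (that is, as a plaintext credential), creating a risk that the secret is output or leaked.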
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and reads arbitrary GitHub repositories (Phase 1 "GitHub链接" / SKILL.md and scripts/analyze_project.py's git clone into /tmp/tech-analysis-repo) and ingests project files like README.md, package.json and source files into project_info that are then fed into prompt templates (templates/prompts/*.md) for generation, so untrusted, user-generated third‑party content can directly influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill clones user-supplied git repositories at runtime (e.g., "git clone --depth 1 " and the example https://github.com/openclaw/openclaw), reads README and other files, and injects that fetched repo content into the prompt templates used to generate report chapters—so remote repo content can directly control prompts and thus the agent's behavior.
Audit Metadata