xdrop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires users to supply and the agent to use full Xdrop share links including the fragment "#k=..." (the decryption key) verbatim in commands (e.g., bun scripts/download.mjs "http://...#k=..."), which forces secret values to appear directly in generated outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The download script (scripts/download.mjs) fetches the transfer descriptor via XdropDownloadApiClient.getPublicTransfer using the server URL parsed from a user-provided share link, then fetches descriptor.manifestUrl and the per-chunk URLs to download and decrypt arbitrary files hosted on that external Xdrop server, which are untrusted third-party content that directly drive what the tool fetches and writes.