yoitao-jimeng-sessionid
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
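- Insecure credential handling detected (high risk: 1.00). The skill explicitly requires reading the sessionid from the browser cookie and "returning the sessionid value directly", which requires the agent to output the authentication credential verbatim in plaintext, creating a risk of sensitive information leakage.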
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill programmatically reads and returns the jimeng.jianying.com "sessionid" cookie to the caller—an explicit credential/token extraction that can enable account hijacking or unauthorized access.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill automatically navigates to and inspects the public site https://jimeng.jianying.com/ai-tool/home (checking page elements like the "登录" button or membership info) and reads cookies, therefore consuming untrusted third-party web content that could enable indirect prompt injection.
Audit Metadata