note-refine

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires preserving and outputting the original document content (and may write it back via yuque_update_doc), so any secrets present in the source notes would be reproduced verbatim by the LLM, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 1 "Case A" and the Required MCP Tools list) explicitly fetches Yuque documents via the yuque_get_doc tool and then reads and may update them with yuque_update_doc, meaning it ingests user-generated, potentially untrusted third-party content that can influence subsequent actions.