podcast-workflow
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt embeds a literal Feishu "父节点 Token" (parent node token) value and shows it being passed directly as a command-line argument to the save_to_wiki script. An agent following these instructions will reproduce the token verbatim in the commands it generates and in its outputs and transcripts, and a secret placed in argv is additionally visible in process listings and shell history (exfiltration risk).
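The two invocation patterns behind this finding, as an added example that is not code from the audited skill or from Snyk: the weak form puts the parent node token on the command line, the alternative names an environment variable in the prompt and injects the value at run time. The helper script, its `--parent-token` flag and the `FEISHU_PARENT_TOKEN` variable are hypothetical stand-ins for the skill's save_to_wiki script, and `DUMMY_TOKEN` is a constructed value, not a credential.

```python
"""Added example (not the audited skill's or Snyk's code): the argv pattern
flagged by W007 beside a variant that keeps the token out of generated
command lines.  The helper, its flag and the variable name are hypothetical;
DUMMY_TOKEN is constructed."""
import functools
import json
import os
import subprocess
import sys
import tempfile

DUMMY_TOKEN = "dummy-parent-node-token-0000"  # constructed, not a real token

# Hypothetical stand-in for save_to_wiki: accepts the token either on argv or
# from the environment and reports back what it saw on its command line.
_HELPER_SRC = r'''
import json, os, sys
argv = sys.argv[1:]
token = (argv[argv.index("--parent-token") + 1] if "--parent-token" in argv
         else os.environ.get("FEISHU_PARENT_TOKEN"))
print(json.dumps({"argv": argv, "got_token": token is not None}))
'''


@functools.lru_cache(maxsize=None)
def _helper_path() -> str:
    """Write the stand-in helper to a temp file once and reuse it."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as fh:
        fh.write(_HELPER_SRC)
    return path


def _run(args, env=None) -> dict:
    proc = subprocess.run([sys.executable, _helper_path(), *args],
                          env=env, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def save_insecure(token: str) -> dict:
    """Pattern flagged by W007: the token is an argv element, so it is copied
    into every generated command, the agent transcript, shell history and
    `ps` output."""
    return _run(["--parent-token", token, "--title", "episode-1"])


def save_hardened(token: str) -> dict:
    """Alternative: the prompt names a variable, the value is injected into
    the child's environment at run time, and the visible command line carries
    only non-secret arguments."""
    return _run(["--title", "episode-1"],
                env={**os.environ, "FEISHU_PARENT_TOKEN": token})


def token_on_command_line(result: dict, token: str) -> bool:
    """True if the token appeared verbatim in the helper's argv."""
    return token in result["argv"]


if __name__ == "__main__":
    for fn in (save_insecure, save_hardened):
        r = fn(DUMMY_TOKEN)
        print(fn.__name__, "token on argv:", token_on_command_line(r, DUMMY_TOKEN),
              "helper received token:", r["got_token"])
```

The environment is not a perfect secret store either (a child inherits it, and a process with the same UID can read it), but it does not end up in the generated command text the agent prints, which is the exposure this finding is about.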
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from YouTube (via youtube-feed get_updates.py and youtube-transcript-cn get_transcript.py) and then reads/processes those transcripts as part of its workflow. Anything embedded in a video's transcript or metadata is therefore read by the agent as workflow input, exposing it to untrusted third-party content.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy credentials. The only string that looks like a real, usable secret is the Feishu parent node token shown as:
- TOSJwKzxTiFdiRk0aducHNBFntg
Why this is flagged:
- It is a literal value (not a placeholder) and appears random/high-entropy.
- It is labeled "父节点 Token" (parent node token), which implies it may be used to access or reference a Feishu wiki node, making it potentially sensitive/usable.
Other items examined and ignored:
- Masked/truncated values like "https://my.feishu.cn/wiki/xxx", YouTube links with "xxx"/"xxxxx", and example command arguments (e.g., "YOUTUBE_URL") — these are placeholders/redactions.
- Local file paths (/Users/ugreen/...) — not secrets.
- Skill names, configuration labels, and simple example strings — documentation or low-entropy examples and thus not flagged.
No API keys, private key blocks, or other high-entropy secrets were found aside from the Feishu parent token above.
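The kind of check behind this finding, as an added example that is not code from the audited skill or from Snyk: flag literal high-entropy tokens in a skill prompt while skipping the placeholder, local-path and label strings listed above as ignored. `SAMPLE_PROMPT` is constructed for this example and the token inside it is made up; the length and entropy thresholds are assumptions, not Snyk's.

```python
"""Added example (not the audited skill's or Snyk's code): a literal-secret
scan over a skill prompt that skips redactions ("xxx"), documentation
placeholders ("YOUTUBE_URL") and local paths.  SAMPLE_PROMPT and the token in
it are constructed; the thresholds are assumptions."""
import collections
import math
import re

MIN_LEN = 20        # assumption: shorter literals are rarely usable tokens
MIN_ENTROPY = 3.5   # bits per character; assumption, tune for your corpus

# Candidate tokens: long runs of the characters typical of API tokens.
CANDIDATE_RE = re.compile(r"[A-Za-z0-9_-]{%d,}" % MIN_LEN)
# Redactions ("xxxxxx") and documentation-style placeholders ("YOUTUBE_URL").
PLACEHOLDER_RE = re.compile(r"^(?:x+|X+|[A-Z][A-Z0-9_]*)$")
# Local filesystem paths: a run starting with / or ~ at a whitespace boundary.
PATH_RE = re.compile(r"(?<!\S)[~/]\S+")

# Constructed stand-in for a skill prompt (the token on line 3 is made up).
SAMPLE_PROMPT = """\
1. Run youtube-feed get_updates.py to list new videos.
2. python get_transcript.py YOUTUBE_URL_PLACEHOLDER
3. python save_to_wiki.py --parent-token Qm7xZpW2kLr9TnV4bHs8YdF3cJ --url https://my.feishu.cn/wiki/xxxxxxxxxxxxxxxxxxxxxxxx
Working dir: /Users/ugreen/Documents/podcast-workflow-notes-archive/transcripts
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own character-frequency distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(s).values())


def _inside_any(span, ranges) -> bool:
    start, end = span
    return any(a <= start and end <= b for a, b in ranges)


def find_candidate_secrets(text: str) -> list:
    """Return (line_number, token, entropy) for every literal that survives the
    placeholder and path filters and meets the entropy threshold."""
    path_ranges = [m.span() for m in PATH_RE.finditer(text)]
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        tok = m.group()
        if PLACEHOLDER_RE.match(tok) or _inside_any(m.span(), path_ranges):
            continue
        h = shannon_entropy(tok)
        if h >= MIN_ENTROPY:
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, tok, round(h, 2)))
    return hits


if __name__ == "__main__":
    for line, tok, h in find_candidate_secrets(SAMPLE_PROMPT):
        print(f"line {line}: {tok} (entropy {h} bits/char)")
```

The path filter matters more than it looks: a segment such as podcast-workflow-notes-archive is long and scores above 3.5 bits per character on its own, so without it a local path would be reported as a secret. Production scanners add known-prefix patterns (provider-specific token formats) on top of this entropy heuristic.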
Audit Metadata