自媒体文案生成器 (Self-Media Copywriting Generator)
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is classified as suspicious primarily due to a hardcoded LLM API key found in `src/generator.py` (`sk-sp-1f1d92cdff7d4cbd8dcbe1cd08711606` for dashscope.aliyuncs.com). While this key is used for the skill's stated purpose (interacting with an LLM), hardcoding credentials is a significant secrets management vulnerability. Additionally, the skill makes outbound network calls to an external LLM service, and its design allows user input to be directly incorporated into the LLM's prompt, creating a potential prompt injection vector against the underlying AI agent, which is a common vulnerability in LLM-powered applications.
