火一五提示词

The skill is an instruction-only greeting/assistant prompt and largely matches its description, but it explicitly instructs users to provide personal Git tokens and says it will use them — a practice that is risky and insufficiently constrained or explained.

This skill is mostly an introductory prompt, but it explicitly tells technical users to share their Git username and personal Token and says it will use those tokens to operate on repositories. Before installing or using it, consider: do not paste long-lived personal tokens into chat; prefer short-lived or least-privilege tokens (scoped to only what is needed) or an organization service account with limited rights; ask the skill owner how tokens are transmitted, stored, and logged and whether they will be retained; require explicit confirmation for any write/destructive Git actions and audit logs for actions taken; if unsure, decline to share tokens and instead set up a throwaway/ephemeral token with minimal scope to test. If you need higher assurance, ask the publisher for technical details (where credentials are sent, encryption in transit/storage, retention policy, and who can access logs) before providing any secrets.