unisound-diagnosis-review

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill bundle contains hardcoded internal infrastructure details, including a private IP address (10.10.20.15) and database credentials (user 'audituser') within 'scripts/diagnosis_review.py'. While the 'SKILL.md' documentation acknowledges this and the code's behavior aligns with its stated purpose of medical diagnosis auditing, hardcoding such sensitive configuration is a significant security vulnerability. Furthermore, the script exfiltrates medical record data to an external LLM API (maas-api.hivoice.cn), which, although intended, poses a privacy risk.