unisound-surgery-sufficiency-review

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill bundle is designed for medical surgery sufficiency reviews but contains hardcoded internal infrastructure details, including a PostgreSQL database host (10.10.20.15) and a specific LLM API endpoint (maas-api.hivoice.cn) in scripts/surgery_sufficiency_review.py. While these appear to be functional requirements for an internal tool, hardcoding internal network addresses and database schemas is a security vulnerability that could facilitate unauthorized internal network access or lateral movement. The script processes sensitive medical records and transmits them to the hardcoded API endpoint, which, although requiring a user-provided appkey, represents a high-risk data flow.