skills/hanzhcn/laohan-skills/laohan-chuangzuo/Snyk

laohan-chuangzuo

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). 该 skill 在运行时会执行 Pre-B 的 URL 抓取（“根据平台自动选择方法…保存为 output/content-YYYY-MM-DD.md，进入素材模式”），这些网页正文属于“公共 web content fetched at runtime”，会被后续 Step 1 读入并进入 LLM 上下文进行 Layer A/B 整理。

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 12, 2026, 11:04 PM

Issues

1

Security Audit — snyk — laohan-chuangzuo