last30days-cn
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md’s runtime path runs
python {{SKILL_DIR}}/scripts/last30days.py "{{USER_TOPIC}}" --emit compact, and that script fetches outsider-authored free text from public Chinese platforms (e.g., Weibo/Xiaohongshu/Bilibili/Zhihu/Douyin/WeChat/Baidu/Toutiao) and then emits it as Markdown (compact) for the agent to synthesize, creating an indirect prompt-injection surface.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata