last30days-cn

Warn

Audited by Snyk on Jul 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). SKILL.md’s runtime path runs python {{SKILL_DIR}}/scripts/last30days.py "{{USER_TOPIC}}" --emit compact, and that script fetches outsider-authored free text from public Chinese platforms (e.g., Weibo/Xiaohongshu/Bilibili/Zhihu/Douyin/WeChat/Baidu/Toutiao) and then emits it as Markdown (compact) for the agent to synthesize, creating an indirect prompt-injection surface.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 7, 2026, 02:01 AM
Issues
1
Security Audit — snyk — last30days-cn