hhxg-market
Warn
Audited by Snyk on Jun 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 该 skill 在运行时通过
_common.fetch_json()从公开站点https://hhxg.top/static/data/...拉取 JSON(如assistant/skill_snapshot.json、news/n0.json、calendar/*),其中的title/description等字段会被格式化为可读文本并进入 LLM 上下文,属于“公共 web 内容/第三方发布文本”路径。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata