bili-ai-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). 运行时会从外部搜索引擎（Baidu/Google/WeChat/Toutiao/DuckDuckGo/Brave 等）抓取“热门话题”的网页/文章/评论等自由文本并用于生成“AI情报调查报告”（属于公共网页/第三方内容注入风险）；虽然当前 daily_report.py 的 generate_intelligence_briefing() 仅基于B站返回数据生成，但技能工作流要求“必须基于TOP话题自动执行AI情报调查”，该步骤在实现上应会读取外部搜索结果文本。

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the skill content for hardcoded secrets and found one real high-entropy credential:
• Found a full-looking API key value "ak_b45b6a6881f4400fb321428947eb6661" in references/investigator-config.json under record_save.default_apikey. This is not a placeholder (it is long, random-looking, prefixed with "ak_") and appears to be a usable API key hardcoded in the repo.

Other occurrences (REDFOX_API_KEY, examples like "ak_你的密钥", environment variable names, URLs, or doc placeholders) are documentation placeholders or env-var references and were ignored per the rules.

Recommend removing the hardcoded key, replacing it with a placeholder, and rotating/revoking the key if it has ever been used.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)