douyin-hot-trend

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

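  • Third-party content exposure detected (high risk: 0.75). At runtime, scripts/hotspot_fetcher.py calls the public API of 红狐Hub to fetch Douyin hot-list entries (including titles, URLs, etc.). This text comes from an external source that the user did not choose to bring in. As described in core_workflow.md, it is saved as JSON, then read by scripts/gen_douyin_hot_html.py and embedded into the HTML/JS data, and from there it enters the agent context, where it is used to generate the display and analysis.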

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 07:50 PM
Issues: 1