gzh-search-crawler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Runtime path: assets/search.py fetches outsider-authored article metadata (titles/authors/URLs/covers/summaries) from the public API https://redfox.hk/story/api/gzhData/searchArticle, then embeds that returned JSON as readable INITIAL_DATA inside assets/report_template.html and renders it into the page’s DOM (indirect prompt-injection surface via untrusted text fields).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the repository for literal, high-entropy credentials. I found a hardcoded API key string in assets/search.py:
• PUBLIC_API_KEY = "ak_db0e200c049b44288d46da0e758d53dd"

This is a non-placeholder, random-looking key (prefix ak_ plus long hex-like value) that is directly used as the built-in default API key (returned by get_api_key(), assigned as ProxyHTTPHandler.api_key). It meets the definition of a secret (literal API token, high entropy) and is not a generic placeholder or simple example password. No other high-entropy literal secrets (private key PEM blocks, other API tokens) were found. Template placeholders like '{{API_KEY}}' are ignored.