stock-feed
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). At runtime, this skill calls the external endpoint https://redfox.hk/story/api/multiPlatform/workSearch via scripts/stock_feed.py to fetch text fields such as title/desc/author of posts from Xiaohongshu/Douyin/WeChat Official Accounts, and in the subsequent "aggregate output / HTML generation" stage writes this external author content into the report as readable text (so it enters the LLM context for the analysis/generation flow). This constitutes an injection risk path of the "public social-media content / third-party author free text" type.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata