wechat-prohibited-word

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). 网页地址输入路径会在运行时通过 extract_from_web(url) 使用 Playwright/requests 抓取并提取网页正文为可读文本，然后经 --url ... --extract-only/--content 进入 check_sensitive_words() 并通过 _call_api(content) 发送到 LLM/Agent上下文展示（属于“公共 web 内容/任意URL抓取”的外部自由文本）。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime calls the external API https://redfox.hk/story/api/cozeSkill/sensitiveWordSearch (hosted on redfox.hk) to obtain JSON/HTML detection results that the script parses and injects directly into the agent's output/template, so the external content controls the skill's outputs and is a required runtime dependency.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)