wechat-search

Fail

Audited by Snyk on Jun 12, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). At runtime, scripts/fetch_gzh_trends.py sends a request to https://redfox.hk/story/api/gzh/search/hotArticle and splices the returned data.articles/latestHotArticles/hotTopics fields (free text such as titles and summaries) into the output JSON/HTML, from where it enters the agent's LLM context; this content comes from an external third-party API (not owned by the user or organization).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I flagged one real secret found in the documentation: in references/gzh_trend_data_format.md the HTTP request headers example contains a literal API key value:

X-API-Key: ak_c4fc9018ffb14ce4ae35dafd92f466c3

This is a high-entropy, token-like string (prefixed with ak_) and appears to be an actual API key shown in plaintext, which meets the definition of a secret that can be used to access the Redfox API.

Ignored items / not flagged:

  • Example/placeholder values such as "ak_xxxx..." in the README and the script (these are placeholders).
  • Environment variable names like REDFOX_API_KEY (these are just variable names, no secret value).
  • Simple text strings and passwords are not present as high-entropy credentials.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata

Risk Level: HIGH
Analyzed: Jun 12, 2026, 07:51 PM
Issues: 3
Security Audit — snyk — wechat-search