xhs-title-scorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md "查询相关爆款数据" and rule-extraction/ scoring steps) and the included script scripts/fetch_xhs_trends.py clearly fetch public Xiaohongshu post data from the external API endpoint https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData, ingest and interpret that user-generated content, and use it to drive scoring and optimization decisions—exposing the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime requests to https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData and uses the returned JSON to drive the scoring, reference examples, and optimization suggestions (directly controlling agent outputs), making this external endpoint a required runtime dependency.