xiaohongshu-account-analyzer

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

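  • Third-party content exposure detected (high risk: 0.78). At runtime the skill calls the 红狐 API to fetch fields of a Xiaohongshu account such as nickname/desc/signature/works.title and writes them as readable text to output/raw_data.json and output/report_data.json. From there they enter the LLM conversation context through generate_html/template substitution (via the "output the diagnostic report in the conversation" and "fill in report_data.json and generate the HTML" paths). This text comes from a third-party API and external account content, so it counts as "public/third-party scraped content".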

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 07:51 PM
Issues: 1
Security Audit — snyk — xiaohongshu-account-analyzer