xiaohongshu-prohibited-word

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). RUNTIME path: when the operating user provides a --url input, extract_from_web() uses Playwright/urllib to fetch and extract arbitrary webpage text, which is then passed as content to the detection API and included in the agent’s LLM-visible output (via the extracted/processed text).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script posts user content to the external detection API https://redfox.hk/story/api/cozeSkill/sensitiveWordSearch and relies on the JSON/html response to determine and format prohibited-word results (remote content directly controls the agent's outputs and is a required runtime dependency).

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)