xiaohongshu-title-score

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该技能指示代理帮助用户以明文将 API Key 嵌入命令/环境变量（如 export REDFOX_API_KEY=<值>、SetEnvironmentVariable("...", "<值>", ...)）并通过 echo 验证，意味着 LLM 需要接收并可能输出密钥原文，存在凭据外泄风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). 运行时会调用 scripts/fetch_xhs_trends.py 通过 https://redfox.hk/.../getXhsCozeSkillData 获取小红书爆款笔记数据，并将返回的他人标题/作者/互动信息写入 关键词_爆款数据.md 后被后续步骤读取进LLM上下文；该数据属于非用户自选的外部平台内容（他人创作的文本）。

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (2 type(s) found)