xiaohongshu-weeklytop

Fail

Audited by Snyk on Jun 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs configuring REDFOX_API_KEY and explicitly says the Agent can "proactively help the user set it", showing commands like export REDFOX_API_KEY=<值> and SetEnvironmentVariable with a <值> placeholder. This implies the agent may request the actual API key and embed it verbatim into commands/outputs, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

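  • Third-party content exposure detected (high risk: 0.85). At runtime, scripts/xhs_weekly_fetcher.py calls the external RedFox API to fetch Xiaohongshu note data (including text such as title, author and description). This content comes from third parties/platform users rather than the operating user, and when scripts/gen_xhs_html.py generates the HTML it is embedded in the page's script context (var RAW = ...) for the LLM/agent to display and process afterwards.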

Audit Metadata

Risk Level: HIGH
Analyzed: Jun 12, 2026, 07:52 PM
Issues: 2