haizei-worldcup-2026-skill
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). 该技能在运行时会从百度体育的比赛/球队/球员页面抓取“聊天/赛况叙述/动态新闻”等外部网页文本(如
worldcup-match.js的parseLive/parseAnalysis、worldcup-player.js的parseNews、worldcup-team.js的球迷圈/资料内容),这些文本属于非用户选择引入的第三方内容,随后会被上层流程拼入 LLM 上下文,从而存在间接提示注入风险。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata