creator-buddy
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 运行时会通过
skills/global-content-search调用 Agent Reach / OpenCLI / xiaohongshu-mcp / xhs-cli 或 Guaikei API 拉取小红书/B站等公开内容(含他人作者的标题、摘要、链接、评论等可读文本),这些文本会进入 CLI 输出并被主 Agent 写入 LLM 上下文。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata