viral-content-factory

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.85). Overall: the codebase appears legitimate for a multi-platform content-generation toolkit, but it contains a significant inadvertent data-exfiltration / privacy risk: user-provided content (references/exemplars, learned drafts) can be copied into the build output and committed/pushed by the CI workflow — enabling user data to be uploaded to the repository; there are also standard external-API usages that require careful key handling and dependency vetting.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public third‑party content as part of its required workflow (e.g., Onboard accepts public公众号/知乎/微博 URLs; Step 1.2 and Step 2 call scripts like scripts/fetch_hotspots.py and scripts/fetch_article.py and perform WebSearch/site:mp.weixin.qq.com, zhihu, v2ex queries) and the agent is expected to read and incorporate those untrusted user‑generated/webpage materials into writing, selection, and platform‑adaptation decisions—meeting all conditions for indirect prompt‑injection risk.