khazix-skills/hv-analysis
横纵分析法(Horizontal-Vertical Analysis)深度研究Skill。由数字生命卡兹克提出,融合历时-共时分析、纵向-横截面研究设计、案例研究法与竞争战略分析。 当用户想要系统性研究一个产品、公司、概念、技术或人物时使用。纵轴追踪完整生命历程,横轴与竞品系统性横向对比,交叉产出洞察,最终输出PDF研究报告。
70
70%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The SKILL.md's "第一步:联网信息收集" explicitly mandates "必须联网搜索" using sub-agents to gather longitudinal/横向 data (including "用户社区讨论" and user口碑) from public websites, so the agent will fetch and interpret untrusted third‑party web content as part of its analysis workflow.
- Audited
- Security analysis