jqzx-news-push
Pass
Audited by VirusTotal on May 15, 2026.
Findings (1)
The skill is designed to fetch technology news and push it to Feishu and GetNote, but it contains a vulnerability in `scripts/push-news.sh`. The script constructs a JSON payload by directly injecting RSS content into a string template without proper escaping or sanitization, which could lead to broken payloads or API manipulation if the source news content contains special characters (e.g., double quotes). Additionally, the script transmits the `JI_ZHIXIN_TOKEN` as a plaintext URL query parameter, which is a weak security practice for credential handling.
