write-xiaohongshu

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core data-processing workflows.
  • Ingestion points: The agent is instructed to fetch and analyze content and comments from Xiaohongshu posts using the get_specified_post tool, as well as background information from the web via the Firecrawl MCP.
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' commands to prevent the agent from obeying instructions that may be embedded within the ingested external data.
  • Capability inventory: The agent has the capability to publish content directly to a user's Xiaohongshu account using the Xiaohongshu MCP tool.
  • Sanitization: The skill does not provide mechanisms for sanitizing or validating external content before it is used to generate and publish social media notes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 10:14 PM