write-xiaohongshu
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes external, untrusted content from Xiaohongshu posts and comments to identify 'emotional resonance' and 'patterns'.
- Ingestion points: External posts and comments fetched via the Xiaohongshu MCP tool in Step 1 and Step 2.
- Boundary markers: Absent; there are no instructions for the agent to treat external content as data only or to ignore embedded instructions.
- Capability inventory: The skill has significant capabilities, including the ability to publish content directly to a user's Xiaohongshu account via Step 6.
- Sanitization: Absent; the skill does not specify any filtering, escaping, or validation of the fetched data before using it to generate the final note.
- [EXTERNAL_DOWNLOADS]: The skill downloads external data and configuration via the Firecrawl MCP and retrieves images from third-party sources like Pexels and Unsplash.
- [COMMAND_EXECUTION]: The skill executes actions through integrated MCP tools to check authentication status, query social media databases, and publish automated notes.
Audit Metadata