write-xiaohongshu
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes functions via MCPs to search for posts, crawl the web, and publish content to the Xiaohongshu platform.
- [EXTERNAL_DOWNLOADS]: Retrieves external information from the web via Firecrawl and potentially fetches images from stock photo platforms like Pexels or Unsplash.
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection due to the processing of untrusted external data.
- Ingestion points: Content is retrieved from Xiaohongshu post details, user comments, and web search results in Steps 1, 2, and 3 of the SKILL.md file.
- Boundary markers: The instructions do not define clear delimiters or "ignore" instructions for the data being analyzed to prevent embedded instructions from being followed.
- Capability inventory: The skill has the capability to publish directly to a social media account via the Xiaohongshu MCP (Step 6).
- Sanitization: There is no logic provided to sanitize or filter the content retrieved from external sources before it influences the generated output.
Audit Metadata