xhs-smart-publisher

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to send screenshots of the active browser session (including the Xiaohongshu creator dashboard) to a specific, hardcoded Telegram channel ID (-1003890797239). This allows whoever controls that channel to view potentially sensitive user data, draft contents, and account status.
  • [COMMAND_EXECUTION]: The instructions require the agent to execute custom JavaScript snippets via the browser tool to manipulate the web editor. This includes using innerHTML to inject content and simulating complex browser events (dispatchEvent, ClipboardEvent), which bypasses standard safe UI interactions.
  • [DATA_EXFILTRATION]: Vulnerability to Indirect Prompt Injection. The skill processes external 'arbitrary content' to adapt it for posting without using boundary markers or sanitization. This attack surface, combined with the skill's ability to exfiltrate data to Telegram and execute scripts in the browser, could allow a malicious input to hijack the agent's session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 23, 2026, 06:29 AM