xiaohongshu-growth
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/publish_to_draft.pyperforms network operations to the official XiaoHongShu API atedith.xiaohongshu.com. It utilizes a session cookie retrieved from theXIAOHONGSHU_COOKIEenvironment variable for authentication, which is a standard method for managing sensitive session data in development tools. - [PROMPT_INJECTION]: The content creation workflow utilizes results from
brave-searchto inform the generation of social media posts. This ingestion of untrusted external content represents a surface for indirect prompt injection, as malicious instructions present in search results could theoretically influence the agent's output. The skill does not implement specific boundary markers or sanitization for this external data. - [COMMAND_EXECUTION]: The skill includes Python scripts for analyzing competitor data and publishing drafts. These scripts perform the described analytical and API interaction tasks without attempting unauthorized system modifications or command injection.
Audit Metadata