post-to-xhs
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from URLs via WebFetch, creating an indirect prompt injection surface where remote content could influence the final post. This is mitigated by the mandatory user confirmation step before publication.\n
- Ingestion points: WebFetch extraction in Step 2 of SKILL.md.\n
- Boundary markers: Absent; fetched content is interpolated directly into tool arguments.\n
- Capability inventory: publish_content and publish_with_video tools used for network publication and local file access.\n
- Sanitization: No sanitization or validation of the fetched content is specified before use.\n- [COMMAND_EXECUTION]: The skill uses specialized tools to read local files (images and videos) and perform network requests to Xiaohongshu APIs for media uploads and post creation.
Audit Metadata