xhs-content-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls search_feeds, get_feed_detail, and user_profile to fetch and analyze user-generated Xiaohongshu (public social media) posts and comments, which the agent reads and uses to drive planning/recommendations, thereby exposing it to untrusted third-party content that could contain indirect prompt injections.