xhs-explore

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Insecure: the prompt explicitly returns and displays xsec_token and requires passing xsec_token verbatim as parameters, which forces the LLM to handle and emit a sensitive token value.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "执行流程" explicitly calls list_feeds and get_feed_detail to fetch Xiaohongshu recommendation notes and their comments (user-generated public content), which the agent reads and can act on (e.g., like/comment/view author), so untrusted third-party content could influence behavior.