xhs-profile

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires an xsec_token parameter and explicitly asks to include xsec_token in the returned note list, which forces the agent to receive and output a secret value verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly calls user_profile to fetch a 小红书 (XiaoHongShu) user's homepage and recent notes (user-generated social media content) which the agent reads/displays as part of its workflow and can lead to viewing note details or interactions, exposing it to untrusted third‑party content.