xhs-content-ops

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly requires embedding credentials (e.g., --xsec-token XSEC_TOKEN) directly in CLI commands, which forces the agent to include secret values verbatim in generated commands/outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows explicitly run CLI commands that fetch and analyze public Xiaohongshu content (e.g., "python scripts/cli.py search-feeds" and "python scripts/cli.py get-feed-detail") so the agent reads user-generated social-media posts and comments and uses them to generate analysis, drafts, and actions, which could enable indirect prompt injection.