xhs-search-workflow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples that require pasting full cookies or using --cookie "..." / COOKIES="..." (directly embedding session secrets in commands or files), so an agent could be asked to output secrets verbatim even though env-file/QR alternatives exist.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required CLI workflows and scripts (e.g., search_notes.py, fetch_note_texts.py, xhs_full_cli.py) explicitly fetch and parse public Xiaohongshu content (edith.xiaohongshu.com, note URLs, comments, user posts and media) and then act on that data (searching, extracting, converting to no‑watermark links, and downloading), so untrusted user-generated third‑party content can directly influence tool decisions and actions.