xhs-note-creator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill requires a 'XHS_COOKIE' stored in a '.env' file. This cookie is a full session token that allows the skill (and anyone with access to the environment) to act as the authenticated user on Xiaohongshu.
- [COMMAND_EXECUTION] (MEDIUM): The 'SKILL.md' instructions direct the agent to execute shell commands to run Python and Node.js scripts. This is the intended operation but represents a capability for local code execution.
- [EXTERNAL_DOWNLOADS] (LOW): Installation requires 'playwright install chromium', which fetches external browser binaries. Per [TRUST-SCOPE-RULE], this is a standard dependency action but remains an external fetch.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted Markdown data (Step 2 in SKILL.md) and processes it through a rendering engine (Playwright). Evidence: 1. Ingestion point: 'render_xhs.py' reads user-provided Markdown. 2. Boundary markers: Absent. 3. Capability: Local file write and network API calls via 'xhs' library. 4. Sanitization: Not visible in the provided CSS/HTML templates, creating a surface for potential CSS/HTML injection during rendering.
Audit Metadata