xiaohongshu-creation-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The HTML preview templates in the references directory load CSS and font assets from trusted technology providers, specifically JSDelivr, Cloudflare, and Google Fonts.
- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided text for analysis and rewriting, which presents an indirect prompt injection surface inherent to its function as a content creation assistant.
- [COMMAND_EXECUTION]: The image generation sub-skill includes Bash commands used to detect user configuration files within standard project and home directory paths.
Audit Metadata