xiaohongshu-reply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill scrapes and reads user-generated comments from the public Xiaohongshu notification page (https://www.xiaohongshu.com/notification) — see SKILL.md and scripts check_comments.py, fetch_latest.py, and reply_fixed.py — and uses that untrusted content to generate/route replies (and drive clicking/sending), so third-party comments can materially influence actions and enable indirect prompt injection.