xiaohongshu

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's examples and usage explicitly show passing a web_session cookie value directly into function calls (including a concrete cookie string and placeholders), which encourages collecting and embedding sensitive cookies/credentials verbatim in generated code or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scrape user-generated content from the public XiaoHongShu platform (e.g., search_notes, get_comments, note_detail workflows and example links like https://www.xiaohongshu.com/explore/...), so the agent will ingest untrusted third-party posts/comments that can influence subsequent actions (search, analyze, follow, like).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 10, 2026, 07:57 AM