xiaohongshu-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill connects the agent-browser to the public Xiaohongshu creator site (https://creator.xiaohongshu.com/publish/publish) and repeatedly takes/inspects page snapshots and element text (e.g., via npx agent-browser --cdp 9222 snapshot -i, open, screenshot) as part of its workflow, meaning it directly reads/interprets third‑party, user‑generated web content.