search-feeds-skill
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted data from external Xiaohongshu search results.\n
- Ingestion points:
scripts/search-feeds.mjsretrieves results from theXIAOHONGSHU_MCP_URLendpoint.\n - Boundary markers: The script does not use delimiters or boundary markers to distinguish external content from the agent's context.\n
- Capability inventory: The skill uses
Bashto run scripts and performs network requests viafetch.\n - Sanitization: No sanitization or validation is applied to the content retrieved from the search service.\n- [DATA_EXFILTRATION]: The skill performs network operations using the
fetchAPI. It targets an endpoint specified by theXIAOHONGSHU_MCP_URLenvironment variable, which defaults tolocalhost.\n- [COMMAND_EXECUTION]: The skill executes its search logic by invoking a Node.js script through theBashtool.
Audit Metadata