search-feeds-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's script (scripts/search-feeds.mjs) calls the Xiaohongshu MCP API via callMCPMethod('tools/call', {name: 'search_feeds'}) and parses/returns user-generated Xiaohongshu feed content, meaning the agent ingests untrusted public social-media content that could contain instructions affecting subsequent actions.