xhs-publisher
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's publish_xhs.sh opens the public Xiaohongshu creator site (https://creator.xiaohongshu.com) and uses agent-browser eval calls to read the page DOM and body.innerText and to query and click elements (e.g., checking for '发布成功', selecting tabs by text, finding publish buttons). The skill therefore ingests and acts on untrusted third-party page content at runtime.
Audit Metadata