xiaohongshu-recruiter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's publish script (scripts/publish_xiaohongshu.py) autonomously navigates to and reads the public Xiaohongshu pages (e.g., https://creator.xiaohongshu.com/publish/publish), uses page.content()/page.title()/locator text matches to detect login state, upload progress, and UI elements, and then acts (clicks buttons, fills fields) based on that untrusted third‑party page content — creating a clear path for indirect prompt/instruction injection from the live site.