xhs-creator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to call APIs with an xsec_token parameter (e.g., get_feed_detail(feed_id, xsec_token), user_profile(user_id, xsec_token)), which implies the LLM must supply secret token values verbatim in its generated tool calls/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 explicitly fetches public, user-generated content—calling get_feed_detail(...) to retrieve Xiaohongshu notes and comments—and also performs WebSearch across the open web, and the agent is expected to read and analyze that untrusted third-party content as part of its workflow, enabling indirect prompt injection.