xiaohongshu-data

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill requires a sensitive session cookie (XHS_COOKIE) to be configured in the environment. This cookie provides full access to the user's Xiaohongshu account and could be compromised by the unverified MCP server.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill configuration uses npx to download and run @shopme/xiaohongshu-data-mcp. The @shopme organization is not a trusted source, making the package contents unverifiable.
  • [REMOTE_CODE_EXECUTION] (HIGH): Executing an untrusted npm package via npx at runtime constitutes a remote code execution risk, as the package can perform any action on the host system.
  • [PROMPT_INJECTION] (HIGH): The skill processes untrusted user-generated content from Xiaohongshu.
    1. Ingestion points: get_note_detail and search_notes tools.
    2. Boundary markers: Absent.
    3. Capability inventory: The agent can execute commands via npx and handle session data.
    4. Sanitization: No sanitization or filtering of external content is mentioned, allowing embedded instructions in notes to influence the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:59 AM