xhs-cli
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a third-party CLI tool
xiaohongshu-cli(github.com/jackwener/xiaohongshu-cli) usinguv tool install. This tool is an unverified dependency from an individual developer. - [CREDENTIALS_UNSAFE]: The
xhs logincommand is used to automatically extract session cookies from the user's browser (e.g., Chrome, Edge) to authenticate with Xiaohongshu. This grants the CLI tool and the agent access to sensitive authentication credentials stored on the local filesystem. - [COMMAND_EXECUTION]: The skill relies on the execution of multiple shell commands to perform account management, social interactions, and content retrieval.
- [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection as it ingests untrusted data from a social media platform.
- Ingestion points: Commands such as
xhs search,xhs read, andxhs commentsfetch user-generated text, titles, and comments from the Xiaohongshu platform (SKILL.md). - Boundary markers: There are no explicit instructions or delimiters used to separate the external content from the agent's core instructions.
- Capability inventory: The agent has the capability to perform state-changing operations like posting comments (
xhs comment), following users (xhs follow), and deleting notes (xhs delete) (SKILL.md). - Sanitization: No sanitization or validation of the retrieved text is mentioned or implemented in the instructions.
Audit Metadata