xhs-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and documents passing xsec_token/cookie values in URLs and as explicit CLI flags (e.g., ?xsec_token=yyy, --xsec-token T), which requires the agent to embed secret/token values verbatim in generated commands or outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and acts on public, user-generated Xiaohongshu content (e.g., via "xhs search", "xhs read <note_id>" or "xhs read ", and "xhs comments " in SKILL.md), so untrusted third-party posts/comments are ingested and can influence subsequent actions like likes, comments, or replies.