xiaohongshu
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and requires passing secret tokens (e.g., xsec_token) into MCP function calls and storing/using them in JSON and publish/comment calls, which forces the agent to include secret values verbatim in generated outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly searches and scrapes public Xiaohongshu posts using mcp__xiaohongshu-mcp__search_feeds and mcp__xiaohongshu-mcp__get_feed_detail (see "第二步:竞品调研" ("Step 2: Competitor research") and scripts/feed_database.py) and ingests user-generated fields like "content" and "analysis" into the local database to drive generation, so untrusted third-party content is read and used in the agent's workflow.
Audit Metadata