xiaohongshu-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit CLI example that passes a security token as a command-line argument (--xsec-token ), which would require emitting secret values verbatim in generated commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly describes commands that fetch and read public, user-generated Xiaohongshu content (e.g., "xhs search", "xhs feed", "xhs read <id_or_url>", "xhs comments"), so the agent ingests untrusted third-party posts/comments which can influence follow-up actions like commenting, liking, or deleting.