xiaohongshu-skill

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from Xiaohongshu (notes, comments, and user profiles) and processes it for the agent.
  • Ingestion points: Data is extracted from the target website's window.__INITIAL_STATE__ in client.py, search.py, feed.py, and user.py.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are added to the extracted content before it is returned to the agent context.
  • Capability inventory: The skill possesses significant capabilities, including network access to Xiaohongshu, local file writing (cookies and images), and content publishing (posting notes and comments).
  • Sanitization: While the output is formatted as JSON, the content of the notes and comments themselves is not sanitized for potential malicious instructions targeting the LLM.
  • [COMMAND_EXECUTION]: The skill uses Playwright browser automation to interact with the target platform. This includes executing JavaScript within the browser context (client.py) to extract structured data from the page state.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of Playwright browser binaries (e.g., Chromium) to function, as documented in the SKILL.md setup instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 03:01 AM