rednote-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and renders user-generated Xiaohongshu content (e.g., search_note_by_key_word.py and dump_note.py load https://www.xiaohongshu.com pages and extract note JSON) and the SKILL.md workflow explicitly uses that extracted content to drive follow-up interactions (like_note, comment_note, follow_user), which could allow untrusted third-party text to influence agent actions.