xhs-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses public, user-generated Xiaohongshu content from arbitrary URLs (e.g., https://www.xiaohongshu.com/discovery/item/... and xhslink.com shortlinks) via the XHS.extract() workflow (see references/API参考.md and references/支持的链接.md), so the agent ingests untrusted third‑party content as part of its operation.