xiaohongshu-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill explicitly instructs users to download platform-specific binaries (e.g., xiaohongshu-mcp-darwin-arm64, xiaohongshu-login-windows-amd64.exe) from the github.com/xpzouying/xiaohongshu-mcp repository. This source is not part of the trusted vendors list or recognized well-known services.
  • [REMOTE_CODE_EXECUTION]: Executing opaque binaries downloaded from an untrusted source allows for the execution of arbitrary code on the host system. The skill describes running these files directly to handle authentication and server operations.
  • [COMMAND_EXECUTION]: The documentation provides instructions to grant execute permissions (chmod +x) and run the binaries from the command line, which bypasses typical software installation safeguards.
  • [PROMPT_INJECTION]: The skill processes external data from Xiaohongshu (search results, note details, and comments). This creates a surface for indirect prompt injection where malicious instructions embedded in social media content could influence the agent's behavior.
  • Ingestion points: search and detail commands in scripts/xhs_client.py fetch external content.
  • Boundary markers: None identified in the provided markdown.
  • Capability inventory: Subprocess execution via shell commands and content publishing (publish command).
  • Sanitization: No evidence of sanitization or filtering for the data fetched from the external API.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 23, 2026, 03:14 PM