xiaohongshu
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The configuration utility in scripts/request/web/encrypt/config.py uses the eval() function to parse variables from the web_encrypt_config.ini file. This is primarily used to interpret structured data like integer lists. While the configuration source is local to the skill, the use of eval() is a security best-practice violation.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content (notes and comments) from external social media users.
  - Ingestion points: Data enters through functions in scripts/request/web/apis/note.py and scripts/request/web/apis/comments.py.
  - Boundary markers: The skill does not use delimiters or boundary markers when returning retrieved content to the agent.
  - Capability inventory: The skill possesses authenticated interaction capabilities, such as following users and liking notes, which could be exploited by malicious instructions in scraped data.
  - Sanitization: Content fetched from the platform is not sanitized or escaped.
- EXTERNAL_DOWNLOADS (SAFE): The skill relies on standard, legitimate Python packages for networking and cryptography, including aiohttp, loguru, pycryptodome, and getuseragent.
Audit Metadata