xiaohongshu

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and usage explicitly show passing a web_session cookie value directly into function calls (including a concrete cookie string and placeholders), which encourages collecting and embedding sensitive cookies/credentials verbatim in generated code or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and parses public, user-generated XiaoHongShu content (e.g., via xhs_session.apis.note.search_notes, apis.comments.get_comments and the __set_websectiga_and_secPoisonId call to https://as.xiaohongshu.com/api/sec/v1/scripting shown in SKILL.md and code), and then uses values from those third‑party responses (note_id/xsec_token, comment text, scripting data) to drive further requests and actions, so untrusted web content can materially influence tool behavior.