xiaohongshu-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and processes user-generated content from Xiaohongshu public APIs (e.g., edith.xiaohongshu.com and creator.xiaohongshu.com) as shown in SKILL.md and scripts/client.py (methods like search_notes, get_home_feed, get_comments/get_all_comments) and also uses that content to drive actions (follow/like/comment), so untrusted third‑party content can materially influence agent behavior.