xiaohongshu-search-summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external social media platform.
  • Ingestion points: User-generated content (titles, descriptions, and comments) from Xiaohongshu is scraped and written to a raw markdown file via scripts/parse.py and scripts/run.sh.
  • Boundary markers: The skill does not implement clear delimiters or instructions to the agent to ignore potentially malicious commands embedded in the scraped data.
  • Capability inventory: The skill utilizes subprocess execution for scraping (playwright-cli) and image processing (python3), and the agent is explicitly instructed to read, see (via vision), and analyze the processed data.
  • Sanitization: While scripts/parse.py performs basic string cleaning for display, it does not sanitize the input against markdown injection or instructional text.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated downloads of media files from external servers.
  • Evidence: The scripts/parse.py script uses the requests library to fetch image files from URLs discovered during the scraping process (requests.get(img_url, ...)).
  • [COMMAND_EXECUTION]: The skill executes local CLI tools and generates temporary script files to facilitate web scraping.
  • Evidence: The scripts/run.sh script creates a temporary JavaScript file in /tmp/ and executes it using playwright-cli run-code. It also invokes python3 to run the parsing script.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 12:51 AM