xiaohongshu-search-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes public Xiaohongshu (小红书) via scripts/run.sh (Playwright) and parse.py (requests) to download user-generated posts, comments, and images, and SKILL.md requires the agent to read and interpret that untrusted third-party content (the generated raw_data.md and image files) as part of its synthesis workflow, which could allow indirect prompt injection from the sourced content.