xiaohongshu-account-research

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Xiaohongshu note titles and descriptions, which constitutes an indirect prompt injection surface. Adversarial content in processed posts could influence the agent's behavior.
      • Ingestion points: Scraped post data in xhs-account-raw.json.
      • Boundary markers: Not explicitly implemented in the data processing scripts.
      • Capability inventory: File system access (read/write), network operations via the vendor bridge, and subprocess execution.
      • Sanitization: Basic string trimming and normalization are present, but no specific protection against instruction-style content in external data.
  • [COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs spawns a subprocess to run python3 -m yt_dlp for video downloads, which is a standard functional component for media handling.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 06:37 AM