Skills
skills/stvlynn/skills/xiaohongshu/Gen Agent Trust Hub

xiaohongshu

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to download and install a third-party tool (xiaohongshu-mcp) from an unverified GitHub repository (github.com/peanut996/xiaohongshu-mcp).
  • [REMOTE_CODE_EXECUTION]: The setup instructions guide the user to run local binaries and scripts (./xiaohongshu-login, ./start.sh) provided by the external repository, which could execute arbitrary code on the user's machine.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes uncontrolled content from Xiaohongshu (posts, comments, and titles) without sanitization.
  • Ingestion points: scripts/xhs_search.py fetches post data via the local MCP API.
  • Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded content in the retrieved data.
  • Capability inventory: The skill can perform network requests to a local service and output data to the agent context.
  • Sanitization: None. The raw text from external posts is processed and displayed directly.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 04:01 PM