xiaohongshu
Fail
Audited by Snyk on Mar 3, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Most URLs are local API endpoints (localhost) which are not downloads, but the workflow directs you to clone/run scripts from an external, third‑party GitHub repo (peanut996/xiaohongshu-mcp) and to execute provided binaries/scripts (./xiaohongshu-login, ./start.sh), which is a common vector for malware and therefore represents a meaningful risk unless you audit the repository and its scripts first.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated Xiaohongshu posts, images and comments via a local MCP proxy (see SKILL.md "通过本地 MCP 服务器访问小红书内容", in English "Access Xiaohongshu content through a local MCP server", and the scripts/xhs_search.py calls to /api/v1/feeds/search and /api/v1/feeds/detail), and the workflow instructs the agent to read and summarize that third‑party content, which could contain instructions that influence subsequent actions.