xiaohongshu-mcp

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links point to lesser-known GitHub repositories that instruct users to download and execute unverified binaries/scripts (including platform-specific executables and a one-click login flow) and to run a local MCP service—behaviors that can enable credential theft or remote code execution and are commonly used to distribute malware, so they should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and interprets public Xiaohongshu posts and comments via MCP tools (e.g., search_feeds, get_feed_detail, post_comment_to_feed) as shown in SKILL.md examples and automated cron tasks (cron_tasks.json / STRATEGY.md) to drive content generation and automated replies, exposing the agent to untrusted, user-generated third‑party content that could carry indirect prompt injection.