xiaohongshu-note-creator

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The image_gen.py script executes system commands (ioreg on macOS, wmic on Windows) to retrieve hardware UUIDs used for a local API key encryption feature.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md use python3 -c to dynamically decode Base64 image data and save it to temporary files for subsequent processing by image generation tools.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with well-known third-party AI services for image generation, including Google Gemini, Alibaba DashScope, ByteDance ARK (Dreamina), and OpenRouter.
  • [DATA_EXFILTRATION]: User note content and images are sent to external AI providers as part of the intended content rewriting and image generation workflows.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection:
      • Ingestion points: Untrusted data enters the agent context via read_note when processing user-provided WPS notes.
      • Boundary markers: The prompt templates lack explicit delimiters or instructions to ignore embedded commands within the ingested note content.
      • Capability inventory: The skill has access to WPS note modification tools (batch_edit), shell command execution (image_gen.py), and network access to AI providers.
      • Sanitization: No validation or sanitization of the external note content is performed before interpolation into LLM prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 04:00 AM