xiaohongshu-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and scrapes public, user-generated content (e.g., taking target Xiaohongshu/Tencent-video URLs and crawling posts/comments via the "Viral Copy" flow and "搜索并浏览"/examples/drama-watch in SKILL.md and references/xhs-viral-copy-flow.md) and directly uses that extracted content to drive generation and publishing decisions, which meets the criteria for exposure to untrusted third-party content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's included one-click install script runs at runtime and contains a curl piped to bash that fetches and executes remote installer code from https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh, which directly executes remote code and is required for the subsequent Node/OpenClaw installation steps.