xiaohongshu-converter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes external text input meant for conversion. It lacks explicit boundary markers or delimiters between instructions and data. While an attacker could embed instructions in the input text, the skill's limited capabilities (formatting focus) and lack of network/shell access significantly mitigate the risk.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected. The skill uses standard file tools (Read, Write, Edit) for local content management.
  • Remote Code Execution (SAFE): The skill does not download, install, or execute any external packages or remote scripts.
  • Command Execution (SAFE): No subprocess calls, shell commands, or dynamic code execution patterns were found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:55 PM