xiaohongshu-publish

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the openclaw CLI tool to automate browser activities. These commands include open, snapshot, click, upload, and type. The skill specifically uses these to interact with the XiaoHongShu creator website and to upload media files from the user's home directory (e.g., ~/xiaohongshu-<account>/resources/).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of local Markdown files to generate AI-driven content for social media posts.
    ◦ Ingestion points: Content is read from ~/xiaohongshu-<account>/account.md and ~/xiaohongshu-<account>/resource.md during the execution flow.
    ◦ Boundary markers: No explicit delimiters or boundary markers are used to separate the ingested file content from the system instructions provided to the agent.
    ◦ Capability inventory: The skill has access to the local filesystem for reading and writing (history log) and can execute arbitrary browser-based commands via the openclaw utility.
    ◦ Sanitization: There is no evidence of validation, sanitization, or escaping of the text extracted from the local Markdown files before it is used to prompt the AI for content generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:19 PM