xhs-note-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's publish scripts clearly fetch and interact with open/public Xiaohongshu content (e.g., using the xhs client get_suggest_topic in scripts/publish_xhs.py, calling the creator site via Playwright in scripts/publish_xhs_browser.py, and optionally contacting an xhs-api endpoint), read topic/page responses, and then use those results to choose tags/click items and drive publishing actions—exposing the agent to untrusted, user-generated third‑party content that can change its behavior.