xiaohongshu-growth
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill manages authentication using session cookies (XIAOHONGSHU_COOKIE) within scripts/publish_to_draft.py. The implementation correctly uses environment variables to avoid credential hardcoding and targets official platform endpoints.
- [DATA_EXFILTRATION]: Indirect Prompt Injection Surface.
  - Ingestion points: Data is ingested from external search results via the brave-search skill and competitor post data analyzed in scripts/analyze_competitor.py.
  - Boundary markers: The skill does not employ explicit delimiters or instruction-guarding techniques when processing these external data points.
  - Capability inventory: The skill can perform network POST requests to create or schedule drafts via scripts/publish_to_draft.py.
  - Sanitization: There is no evidence of input validation or content sanitization in the provided data-processing scripts.
- [COMMAND_EXECUTION]: The skill uses local Python scripts to perform legitimate data processing and platform interaction tasks essential to its stated purpose.
Audit Metadata