xiaohongshu-search

Fail

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file lib/key.js contains a hardcoded default API token e10adc3949ba59abbe56e057f20f883e used as a fallback when the GUAIKEI_API_TOKEN environment variable is not provided.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to www.guaikei.com to fetch Xiaohongshu note data and metadata.
  • [COMMAND_EXECUTION]: The script scripts/search.js performs filesystem operations, including creating and deleting lock files (.lock_${taskId}) and saving search results to last-search.json within the skill's directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from the Xiaohongshu API and interpolates it into Markdown output without sanitization or boundary markers.
      • Ingestion points: Data enters the system via API responses from www.guaikei.com in lib/xiaohongshu.js.
      • Boundary markers: No delimiters or 'ignore instructions' warnings are used in xiaohongshu.formatMessage when preparing the Markdown output.
      • Capability inventory: The skill has filesystem write access (fs.writeFileSync) and network access via the https module.
      • Sanitization: While search keywords are sanitized, the content retrieved from the external API (titles, nicknames, etc.) is not sanitized before being rendered to the user or agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Jun 15, 2026, 10:17 AM