xiaohongshu-mcp-integration
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation provides direct links to download pre-compiled binary files from a third-party GitHub repository (xpzouying/xiaohongshu-mcp). These downloads are not from the skill author's verified infrastructure or a well-known technology vendor.
- [REMOTE_CODE_EXECUTION]: The installation guide encourages users to execute these unverified binaries (e.g., 'xiaohongshu-mcp-darwin-arm64') on their local system. This creates a high-risk scenario where arbitrary code could be executed without source code verification or package manager oversight.
- [COMMAND_EXECUTION]: The skill instructs users to use 'chmod +x' to make downloaded third-party files executable and to run them directly. This bypasses security checks typically found in official software distribution channels.
- [DATA_EXFILTRATION]: Tools like 'xhs_create_image_note' and 'xhs_create_video_note' allow the agent to read local files via absolute paths. If the agent is manipulated by malicious external data, it could be used to upload sensitive user files to the platform.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from Xiaohongshu through tools like 'xhs_search' and 'xhs_get_note_detail'.
  - Ingestion points: External content enters the context through search results, recommendation feeds, and post details in 'SKILL.md'.
  - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its core instructions and the external data it retrieves.
  - Capability inventory: The skill possesses significant capabilities, including publishing posts ('xhs_create_image_note'), commenting ('xhs_comment_note'), and interacting with other users.
  - Sanitization: There is no evidence of sanitization or validation of the retrieved external content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata