xhs-explore

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to override the agent's behavior by explicitly telling it to ignore other tools and previous project implementations (e.g., xiaohongshu-mcp). This is a tactic used to force adherence to specific skill logic over the agent's broader capabilities or knowledge.
  • [COMMAND_EXECUTION]: The skill relies on executing a local Python script (scripts/cli.py) with various command-line arguments to perform searches and fetch data. This utilizes the agent's ability to execute shell commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and analyzes content from Xiaohongshu, such as note descriptions and user comments, which are attacker-controlled external inputs.
  • Ingestion points: Note content, interaction data, and comments fetched from Xiaohongshu via the CLI tool.
  • Boundary markers: No delimiters or warnings to ignore embedded instructions are specified in the workflow.
  • Capability inventory: Execution of local Python scripts with dynamic parameters.
  • Sanitization: No evidence of sanitization or filtering of the external data before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:36 AM
Security Audit — agent-trust-hub — xhs-explore