xhs-explore

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires extracting and reusing xsec_token values from CLI JSON outputs and embedding them verbatim in subsequent commands (e.g., --xsec-token XSEC_TOKEN), which forces the LLM to handle secret tokens directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly runs the project's CLI (e.g., python scripts/cli.py list-feeds, search-feeds, get-feed-detail, user-profile) to fetch Xiaohongshu (小红书) feeds, search results, note details and comments—public, user-generated content that the agent reads and uses to drive follow-up actions—so it exposes the agent to untrusted third-party content.