xiaohongshu-auto-posting

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs an automated installation or upgrade of the 'browser-act-cli' tool using the 'uv' package manager. This is a vendor-supplied tool required for the skill's operation.
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands to interact with the 'browser-act' browser automation suite, including managing sessions and controlling browser instances.
  • [COMMAND_EXECUTION]: Implements dynamic JavaScript execution through an 'eval --stdin' pattern. This is used to bypass encoding issues when passing non-ASCII content to the browser's execution context.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from Xiaohongshu search results (titles, body text, and tags) to influence its content generation process.
    ◦ Ingestion points: Phase 1 and Phase 2 scrape metadata and full-text content from search results on the creator.xiaohongshu.com platform.
    ◦ Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions that might be embedded in the scraped web content.
    ◦ Capability inventory: The skill has permissions to write to the local filesystem (workspaces/ directory) and perform full browser automation (clicks, navigation, text entry) via the 'browser-act' tool.
    ◦ Sanitization: The instructions do not specify any validation or sanitization of the scraped text before it is used as a reference for writing new posts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 04:39 AM