xiaohongshu-auto-posting
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs an automated installation or upgrade of the 'browser-act-cli' tool using the 'uv' package manager. This is a vendor-supplied tool required for the skill's operation.
- [COMMAND_EXECUTION]: The skill frequently invokes shell commands to interact with the 'browser-act' browser automation suite, including managing sessions and controlling browser instances.
- [COMMAND_EXECUTION]: Implements dynamic JavaScript execution through an 'eval --stdin' pattern. This is used to bypass encoding issues when passing non-ASCII content to the browser's execution context.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from Xiaohongshu search results (titles, body text, and tags) to influence its content generation process.
  - Ingestion points: Phase 1 and Phase 2 scrape metadata and full-text content from search results on the creator.xiaohongshu.com platform.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions that might be embedded in the scraped web content.
  - Capability inventory: The skill has permissions to write to the local filesystem (workspaces/ directory) and perform full browser automation (clicks, navigation, text entry) via the 'browser-act' tool.
  - Sanitization: The instructions do not specify any validation or sanitization of the scraped text before it is used as a reference for writing new posts.
Audit Metadata