xiaohongshu-search
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts xsecToken values from the page state and returns them in the output (for downstream lookup), requiring the model to read and emit session/auth tokens verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill navigates to a public Xiaohongshu search results page and then runs
scripts/extract-search.py, which readswindow.__INITIAL_STATE__.search.feeds(containing outsider-authored note titles/user content) and injects extracted free-text fields liketitleinto the agent’s LLM context.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire Skill content (markdown and included script). I found a high-entropy token value in the example extraction output: "ABpK6gG0Dmt6MoVt60wJf-J0VMaCw5Y1Hi766ap7uWrxE=" assigned to the xsecToken field. This is a literal, random-looking string that meets the entropy criterion and could be usable as an access token. It is not labeled as a placeholder (e.g., YOUR_...), truncated, or obviously a benign example password, so it must be treated as a potential secret leak.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata