xiaohongshu-search

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts xsecToken values from the page state and returns them in the output (for downstream lookup), requiring the model to read and emit session/auth tokens verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill navigates to a public Xiaohongshu search results page and then runs scripts/extract-search.py, which reads window.__INITIAL_STATE__.search.feeds (containing outsider-authored note titles/user content) and injects extracted free-text fields like title into the agent’s LLM context.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire Skill content (markdown and included script). I found a high-entropy token value in the example extraction output: "ABpK6gG0Dmt6MoVt60wJf-J0VMaCw5Y1Hi766ap7uWrxE=" assigned to the xsecToken field. This is a literal, random-looking string that meets the entropy criterion and could be usable as an access token. It is not labeled as a placeholder (e.g., YOUR_...), truncated, or obviously a benign example password, so it must be treated as a potential secret leak.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:39 AM
Issues
3
Security Audit — snyk — xiaohongshu-search