xiaohongshu-user-profile
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill navigates to a Xiaohongshu user profile page and then executes JS to read
window.__INITIAL_STATE__(includinguser.userPageDataanduser.notes) from the remote site; this page content is authored/published by an outsider (the Xiaohongshu user) and is ingested as readable JSON text into the agent’s LLM context via theeval "$(python scripts/extract-*.py ...)"outputs.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata