xiaohongshu

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/generate_image.py script transmits prompts and configuration data to external third-party services (api.atlascloud.ai and api.nanobananaapi.ai) to generate images. It also attempts to read sensitive API keys from environment variables and a hardcoded local file path (/Users/lifcc/Desktop/code/work/mutil-om/om-generator/.env), which exposes the author's local directory structure.
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to execute local Python scripts (feed_database.py, generate_image.py) and complex command-line operations. This includes running Google Chrome in headless mode for screenshots and executing inline Python snippets that use PIL and numpy for image processing.
  • [INDIRECT_PROMPT_INJECTION]: The skill's workflow involves fetching competitor post details (titles, content, analysis) directly from the Xiaohongshu platform to guide its own generation process. This creates a surface for indirect prompt injection where malicious instructions embedded in web content could influence the agent's output or behavior.
  • [EXTERNAL_DOWNLOADS]: The skill downloads images from URLs provided by the image generation APIs and saves them to the local filesystem using the requests library.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 09:23 PM
Security Audit — agent-trust-hub — xiaohongshu