xiaohongshu
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze content from third-party Xiaohongshu feeds.
- Ingestion points: External competitor content is retrieved using the
mcp__xiaohongshu-mcp__get_feed_detailtool during the research phase. - Boundary markers: The instructions lack specific delimiters or warnings to the agent to disregard embedded instructions within the analyzed feed text.
- Capability inventory: The agent has access to powerful tools including
Bashfor executing local scripts,Writefor file management, and MCP tools for publishing content. - Sanitization: The skill does not perform explicit sanitization or filtering of the retrieved content before using it to derive content creation strategies.
- [COMMAND_EXECUTION]: The
SKILL.mdfile contains instructions for the agent to execute shell commands using theBashtool to handle image processing. This involves launching a headless Google Chrome instance for capturing screenshots of HTML designs and running Python snippets usingpython3 -cto perform image cropping, array conversion, and layout validation. - [EXTERNAL_DOWNLOADS]: The
scripts/generate_image.pyscript communicates with the Atlas Cloud API (api.atlascloud.ai) to generate and download images. The script also handles GET requests to retrieve binary image data from URLs provided by the API during the generation process.
Audit Metadata