xiaohongshu

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze content from third-party Xiaohongshu feeds.
  • Ingestion points: External competitor content is retrieved using the mcp__xiaohongshu-mcp__get_feed_detail tool during the research phase.
  • Boundary markers: The instructions lack specific delimiters or warnings to the agent to disregard embedded instructions within the analyzed feed text.
  • Capability inventory: The agent has access to powerful tools including Bash for executing local scripts, Write for file management, and MCP tools for publishing content.
  • Sanitization: The skill does not perform explicit sanitization or filtering of the retrieved content before using it to derive content creation strategies.
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to execute shell commands using the Bash tool to handle image processing. This involves launching a headless Google Chrome instance for capturing screenshots of HTML designs and running Python snippets using python3 -c to perform image cropping, array conversion, and layout validation.
  • [EXTERNAL_DOWNLOADS]: The scripts/generate_image.py script communicates with the Atlas Cloud API (api.atlascloud.ai) to generate and download images. The script also handles GET requests to retrieve binary image data from URLs provided by the API during the generation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — xiaohongshu