Skills
skills/nowork-studio/openclaw-social-media-skills/xiaohongshu/Gen Agent Trust Hub

xiaohongshu

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the md2red tool from the vendor's GitHub repository (https://github.com/nowork-studio/md2red) and installs dependencies.
  • [COMMAND_EXECUTION]: Executes shell commands to clone repositories, install Python packages using pip, and run local Python scripts.
  • [PROMPT_INJECTION]: Instructions explicitly advise the agent on how to circumvent Xiaohongshu's automated content review systems by using professional synonyms and avoiding specific sensitive terms to evade safety filters.
  • [COMMAND_EXECUTION]: Utilizes browser.evaluate to execute dynamic JavaScript which modifies the innerHTML of web elements on the creator dashboard.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface. 1. Ingestion points: Reads post content and scheduling data from a local file (xiaohongshu-content-plan.md). 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when reading the file. 3. Capability inventory: High-risk capabilities including shell command execution, Python script execution, and browser automation with JS evaluation. 4. Sanitization: No evidence of content sanitization or validation before the data is passed to image generation or form-filling tools.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 13, 2026, 02:27 PM