xiaohongshu-hub

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages high-value authentication credentials (cookies a1, web_session, and webId). While the documentation provides guidance for secure handling via environment variables, these credentials grant full access to the user's Xiaohongshu account and are transmitted to the platform's API endpoints.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from Xiaohongshu, which may contain malicious instructions designed to manipulate the agent.
  • Ingestion points: Untrusted content is retrieved from the platform via methods such as search_notes, get_note_by_id, get_comments, and get_home_feed in scripts/client.py.
  • Boundary markers: There are no boundary markers or explicit instructions to treat fetched content as untrusted data in the prompt logic.
  • Capability inventory: The skill possesses write capabilities including post_comment, like_note, follow_user, and delete_note in scripts/client.py, which could be exploited if an injection attack is successful.
  • Sanitization: The skill does not perform validation, filtering, or sanitization on the external text data before passing it to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 11:49 AM