xiaohongshu-content-benchmark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and normalizes public Xiaohongshu posts (user-generated content) via the actors easyapi/rednote-xiaohongshu-user-posts-scraper and easyapi/rednote-xiaohongshu-search-scraper (see SKILL.md and references/actor-selection.md), and then reads and analyzes that content to drive ranking, summaries, and card-suggestion decisions—so untrusted third‑party content can materially influence agent behavior.