xiaohongshu-tools

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external processes using node:child_process, specifically calling python3 to run the yt-dlp module for media downloads and invoking the postplus CLI for service confirmations.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external network resources, including vendor-specific API endpoints for data collection and third-party media URLs for video downloads.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, presenting a surface for indirect prompt injection.
      • Ingestion points: Raw HTML is parsed in extract_xhs_vendor_page_products.mjs, and external JSON data is ingested by scripts like normalize_xhs_dataset.mjs and various ranking tools.
      • Boundary markers: Not present; processed data is not wrapped in security-specific delimiters.
      • Capability inventory: The skill possesses file system write capabilities (writeJson) and network access via the vendor's cloud client (requestJson, runHostedCollection).
      • Sanitization: Not present; while the skill performs data normalization and string cleaning, it does not specifically filter for malicious instructions embedded in the ingested data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 01:13 PM