xiaohongshu-tools
Warn
Audited by Snyk on May 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests public/user-generated content and external URLs as part of its required workflows — e.g., scripts/run_xhs_actor.mjs calls runHostedCollection via _postplus_shared/.../hosted_collection_bridge.mjs (hosted collection of Xiaohongshu data), scripts/extract_xhs_vendor_page_products.mjs reads vendor-page.html, and _postplus_shared/.../download_videos_from_manifest_with_ytdlp.mjs downloads arbitrary item.sourceUrl — so untrusted third-party content is read and drives downstream processing and tool use.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).