xhs-copywriter

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the code deliberately makes covert network requests to an untrusted third‑party endpoint (onetotenvip.com) using a custom TLS socket that deliberately omits SNI and disables certificate verification, which indicates intentional evasion and potential data exfiltration—no obvious RCE/backdoor code is present, but the networking behavior is suspicious and can be abused for exfiltration or supply‑chain misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches public Xiaohongshu sample posts via scripts/fetch_xhs_trends.py (calling https://onetotenvip.com/skill/...), and references/core_workflow.md and SKILL.md require using those fetched user-generated notes plus web_search results as mandatory inputs that the agent must analyze and incorporate into generated copy—i.e., untrusted third-party content is ingested and can materially change the agent's actions.