xiaohongshu-account-recommender
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/xiaohongshu_account_recommender.pyfetches account data fromhttps://onetotenvip.com/story/xhsUser/querySimilarAccountsusing an unverified HTTPS connection. - [COMMAND_EXECUTION]: The skill executes a Python script that performs raw socket network operations and writes data to files such as
account_data.jsonandaccount_recommend.htmlwithin the workspace. - [PROMPT_INJECTION]: The instructions in
SKILL.mdrequire the agent to read and display a local HTML file generated from external API data, which allows for potentially malicious content (like scripts or HTML injection) to be processed and rendered by the agent platform. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Data is ingested from an external API endpoint via
scripts/xiaohongshu_account_recommender.py. - Boundary markers: None; the skill does not use delimiters or instructions to ignore potential commands within the external data.
- Capability inventory: The skill has file-write access and network access; the agent is instructed to display the generated local HTML file.
- Sanitization: Absent; the Python script directly interpolates raw data from the API response (such as nicknames and recommendation reasons) into the HTML template without escaping special characters.
Audit Metadata