RedBookSkills
Fail
Audited by Snyk on May 30, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to include sensitive tokens (e.g., --xsec-token XSEC_TOKEN) and similar credential-like parameters directly in generated commands, requiring the LLM to handle/output secret values verbatim and creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). 在“内容检索与互动流程”中,运行时会通过 CDP 打开小红书页面并从
window.__INITIAL_STATE__/DOM/网络响应中提取他人发布的笔记与评论文本(如list-feeds/search-feeds/get-feed-detail/profile-snapshot/notes-from-profile/get-notification-mentions),这些属于外部作者内容进入 LLM 上下文的间接提示注入风险。
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata