xhs-prohibited-word (Xiaohongshu prohibited word lookup)

Pass

Audited by VirusTotal on May 10, 2026.

Findings (1)

The skill exfiltrates user-provided text, file contents, and web data to an external third-party API (onetotenvip.com) for sensitive word detection, which poses a significant privacy risk. It utilizes high-risk capabilities including Playwright for headless web browsing and broad local file-reading permissions, creating potential for SSRF or unauthorized access to sensitive local files if the agent is manipulated. Furthermore, the instructions in core_workflow.md use highly coercive 'Iron Rules' to strictly mandate file system writes and specific agent behaviors, which is a common pattern for controlling agents via prompt injection.