douyin-account-diagnosis
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to
https://redfox.hkto fetch account data. This domain belongs to the service provider associated with the skill author, representing standard and expected functionality. - [CREDENTIALS_UNSAFE]: Security best practices are followed by using an environment variable (
REDFOX_API_KEY) for authentication. No hardcoded secrets or sensitive local file paths (like SSH keys or AWS configs) are accessed. - [COMMAND_EXECUTION]: The included Python scripts process data locally and do not use dangerous functions like
eval()oros.system()on external input. Logic is confined to data parsing and markdown report generation. - [PROMPT_INJECTION]: Instructions in
references/core_workflow.mdprovide strict behavioral guidelines for the agent to ensure data accuracy and report integrity. These are not malicious overrides or safety bypass attempts. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the Douyin API.
- Ingestion points: Data enters via the
query_accountsmethod inscripts/douyin_api_client.py. - Boundary markers: The skill uses explicit markdown templates in
generate_diagnosis_report.pyto structure the output. - Capability inventory: Subprocess calls are absent; logic is limited to data formatting and score calculation.
- Sanitization: The script performs data mapping (category mapping) and numerical formatting which effectively sanitizes the API output before display.
Audit Metadata