douyin-prohibited-word

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (check_sensitive_words.py) to perform text extraction and coordinate the detection process.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external URLs provided by the user. It also utilizes the Playwright library to download and run browser binaries for handling dynamic web content.
  • [DATA_EXFILTRATION]: User-provided data is transmitted to the vendor's domain (redfox.hk) for analysis. This network operation is the primary function of the skill and is required for word detection.
  • [CREDENTIALS_UNSAFE]: The core script includes logic to automatically scan the user's shell configuration files (such as ~/.bashrc, ~/.zshrc, and ~/.profile) to retrieve the REDFOX_API_KEY if it is not present in the environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from user-uploaded files and external web URLs. Evidence:
      • Ingestion points: Content is extracted via extract_from_file and extract_from_web in check_sensitive_words.py.
      • Boundary markers: None identified; there are no instructions to the agent to ignore instructions embedded within the processed text.
      • Capability inventory: Executes local scripts, performs network POST requests, and writes data to local .txt files.
      • Sanitization: Basic removal of script and style tags from HTML content using BeautifulSoup.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 07:50 PM
Security Audit — agent-trust-hub — douyin-prohibited-word