douyin-rise-ranking

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/gzh_growth_fetcher.py, to perform data retrieval and formatting tasks.
  • [EXTERNAL_DOWNLOADS]: Rankings are fetched from the official vendor endpoint at https://redfox.hk/story/api/dyData/getDyRiseFansRank using the standard Python urllib library.
  • [DATA_EXFILTRATION]: The skill transmits request parameters, including chart type, category, and date, to the vendor's API. No personal identifiers or sensitive local data are transmitted.
  • [SAFE]: The inclusion of a script that reads shell configuration files (e.g., .bashrc) is a targeted measure to locate the REDFOX_API_KEY and does not represent broad unauthorized file access.
  • [SAFE]: Documentation regarding the persistence of API keys in shell profiles is provided for user convenience and aligns with standard CLI tool configurations.
  • [SAFE]: The skill processes account data from an external API (nicknames and URLs) and inserts them into predefined templates, which mitigates the risk of indirect prompt injection from the API source.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 07:51 PM