Skills
skills/redfox-data/redfox-community/gzh-subscribe/Gen Agent Trust Hub

gzh-subscribe

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script assets/subscribe.py executes system commands via subprocess.run to install persistence mechanisms. It uses launchctl on macOS to create a LaunchAgent and crontab on Linux to schedule recurring daily execution of the subscription script at 09:00 AM.
  • [DATA_EXFILTRATION]: The skill performs network requests to an external vendor API at https://redfox.hk/story/api/gzhData/queryWorkList to fetch WeChat article metadata and metrics.
  • [CREDENTIALS_UNSAFE]: The script assets/subscribe.py contains a hardcoded public API key (ak_db0e200c049b44288d46da0e758d53dd) used as a default credential for accessing the vendor's data services.
  • [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by retrieving external content (article titles and summaries) from a remote API and interpolating that data directly into an HTML report template and terminal output without demonstrated sanitization or output encoding.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 12, 2026, 07:51 PM
Security Audit — agent-trust-hub — gzh-subscribe