playlet-douyin-feed
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's API (redfox.hk) to fetch trending video data. This is expected behavior for an information-source skill.
- [COMMAND_EXECUTION]: Operation requires executing scripts/playlet_douyin_daily.py. The script uses standard libraries to handle data, manage local cache in ~/.workbuddy/cache, and export HTML reports to the user's Downloads folder.
- [DATA_EXFILTRATION]: Network traffic is restricted to the legitimate API endpoint. Sensitive credentials (API keys) are managed via environment variables rather than hardcoding, following security best practices.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external video data.
  1. Ingestion points: scripts/playlet_douyin_daily.py (API response).
  2. Boundary markers: Absent; the agent processes titles and descriptions directly.
  3. Capability inventory: scripts/playlet_douyin_daily.py performs file-write (reports/cache) and network requests (API).
  4. Sanitization: Absent; the script interpolates API data directly into HTML templates and terminal output.
Audit Metadata