Skills
skills/redfox-data/redfox-community/wechat-10w-hot/Gen Agent Trust Hub

wechat-10w-hot

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded authentication token detected in multiple files.
  • Evidence: The token 2f9f88dbb743423dbf0a8db2977c49eb is hardcoded in references/api-spec.md and scripts/fetch_hot_articles.py for API access.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts that utilize insecure network configurations.
  • Evidence: scripts/fetch_hot_articles.py and scripts/generate_hot_html.py are executed during the workflow. The script fetch_hot_articles.py explicitly disables SSL certificate verification and hostname checking, which is a significant security risk exposing the connection to Man-in-the-Middle (MitM) attacks.
  • [EXTERNAL_DOWNLOADS]: The skill references a third-party library from a well-known service for HTML to PDF conversion.
  • Evidence: scripts/generate_hot_html.py includes a reference to html2pdf.js hosted on the cdnjs.cloudflare.com CDN.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external content.
  • Ingestion points: Article data (titles, summaries) is fetched from a remote API by scripts/fetch_hot_articles.py.
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore commands within the fetched article content.
  • Capability inventory: The skill can execute shell commands and write to the local file system.
  • Sanitization: Absent. Fetched content is displayed without validation or escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 10:57 PM
Security Audit — agent-trust-hub — wechat-10w-hot