wechat-account-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/wechat_analyzer.py contains logic to read sensitive shell configuration files (~/.zshrc, ~/.bashrc, ~/.bash_profile, ~/.profile). Specifically, the _read_from_shell_config function parses these files to automatically retrieve the REDFOX_API_KEY if it is not found in the environment variables. Accessing these files represents a data exposure risk for other environment variables or secrets stored in those configurations.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) because it fetches and processes untrusted data (article titles, descriptions, and account metadata) from the RedFox API. This data is then formatted into a report for the agent to present to the user.
      • Ingestion points: External data enters through scripts/wechat_analyzer.py via calls to the RedFox API and is stored in output/report_data.json.
      • Boundary markers: Absent. The skill does not use explicit delimiters or 'ignore' instructions in the diagnostic report templates.
      • Capability inventory: Execution of Python scripts (wechat_analyzer.py) and network communication via the requests library.
      • Sanitization: Absent. The skill does not implement sanitization, escaping, or filtering for the external content before it is interpolated into the agent's context.
  • [COMMAND_EXECUTION]: The skill relies on the execution of a Python script (scripts/wechat_analyzer.py) to perform its core logic, including API calls and scoring. While these operations align with the skill's purpose, they involve running local code via the agent's environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 07:51 PM
Security Audit — agent-trust-hub — wechat-account-analyzer