wechat-original-hot

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (scripts/fetch_articles.py and scripts/generate_hot_html.py) to retrieve data and generate reports. These scripts use the subprocess module to perform their tasks.
  • [DATA_EXPOSURE]: Inside scripts/fetch_articles.py, the script explicitly disables SSL certificate verification by setting ssl_ctx.verify_mode = ssl.CERT_NONE. This makes the connection to the vendor's API vulnerable to Man-in-the-Middle (MITM) attacks, which could lead to the exposure of the REDFOX_API_KEY and the retrieved data.
  • [EXTERNAL_DOWNLOADS]: The HTML report generated by scripts/generate_hot_html.py includes a reference to the html2pdf.js library hosted on Cloudflare's well-known public CDN (cdnjs.cloudflare.com). This is used to provide PDF export functionality for the user.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and displays content from an external API (redfox.hk).
      • Ingestion points: scripts/fetch_articles.py fetches article titles and metadata from an external JSON API.
      • Boundary markers: None. The agent is specifically instructed in SKILL.md to display the script's output "as-is" and "without modification."
      • Capability inventory: The agent has the capability to execute commands via subprocess and perform local file writes.
      • Sanitization: No sanitization or filtering of the content retrieved from the API is performed before it is rendered by the agent or included in the HTML report.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 07:51 PM
Security Audit — agent-trust-hub — wechat-original-hot