Skills
skills/redfox-data/redfox-community/wechat-search/Gen Agent Trust Hub

wechat-search

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: An example API key (ak_c4fc9018ffb14ce4ae35dafd92f466c3) is hardcoded in the documentation file references/gzh_trend_data_format.md. While this appears to be for illustrative purposes, hardcoding any credential is a best practice violation.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with https://redfox.hk to retrieve search results, which is the functional endpoint for the service provided by the vendor redfox-data.\n- [COMMAND_EXECUTION]: Executes the local script scripts/fetch_gzh_trends.py to handle data retrieval and formatting.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to processing untrusted data.\n
  • Ingestion points: The skill fetches and displays article titles and summaries from external WeChat sources via the RedFox API.\n
  • Boundary markers: No specific delimiters or safety instructions are used when presenting the fetched article data to the user.\n
  • Capability inventory: The skill can execute local Python scripts and has access to the calendar_create tool for managing subscriptions.\n
  • Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:51 PM
Security Audit — agent-trust-hub — wechat-search