Skills
skills/redfox-data/redfox-community/wechat-similar-account/Gen Agent Trust Hub

wechat-similar-account

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/wechat_similar_accountr.py contains logic to locate the REDFOX_API_KEY by reading local shell configuration files (e.g., ~/.zshrc, ~/.bashrc, ~/.profile) and the Windows Registry. This behavior is used for automated credential management for the vendor's own API service.
  • [COMMAND_EXECUTION]: The skill's instructions in SKILL.md suggest the agent help users configure the required API key by executing shell commands that modify local environment configuration files.
  • [PROMPT_INJECTION]: The skill processes account data and article metadata (titles, summaries) from the external redfox.hk API. While this data is used for legitimate analysis, it represents a potential surface for indirect prompt injection if the source data contains malicious instructions. The analysis identifies ingestion points in scripts/wechat_similar_accountr.py where external content is interpolated into markdown without explicit sanitization or boundary markers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 02:06 AM
Security Audit — agent-trust-hub — wechat-similar-account