wechat-title
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses a Python script to fetch trending data from the vendor-owned endpoint
https://redfox.hk/story/api/cozeSkill/getWxCozeSkillData. - [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/fetch_official_account_trends.pyvia shell command interpolation for the--keywordand--daysparameters, which presents a potential command injection surface if the agent does not properly sanitize these inputs before execution. - [DATA_EXFILTRATION]: The skill requires a
REDFOX_API_KEY, which is transmitted to the vendor's infrastructure atredfox.hkfor authentication. This is consistent with the skill's documented vendor-provided functionality. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes external article data without using defined boundary markers or sanitization logic.
- Ingestion points: Data is fetched from an external API and saved to a Markdown file (
{keyword}_爆款数据.md) which is subsequently read by the agent. - Boundary markers: None identified; instructions do not specify the use of delimiters or 'ignore' instructions for the processed data.
- Capability inventory: The skill possesses capabilities for network operations (via requests), file system writes, and subprocess execution.
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from the external API before it is processed by the agent.
Audit Metadata