xhs-copywriter
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/fetch_xhs_trends.py connects to an external API at https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData. This domain is an unverified third-party service with no clear association with the vendor.
- [EXTERNAL_DOWNLOADS]: The Python script scripts/fetch_xhs_trends.py explicitly disables SSL/TLS certificate verification by setting context.verify_mode = ssl.CERT_NONE. This is a critical security flaw that exposes the data transmission to Man-in-the-Middle (MITM) attacks, potentially allowing attackers to intercept or modify the fetched data.
- [COMMAND_EXECUTION]: The skill's operation relies on executing the bundled Python script scripts/fetch_xhs_trends.py with user-controlled arguments, which is defined as a mandatory step in the workflow instructions in references/core_workflow.md.
- [DATA_EXFILTRATION]: User-provided search keywords are transmitted to the external API at onetotenvip.com. This involves sharing user input and interests with a third-party service, which users should be aware of.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes content from an external third-party source without sanitization or boundary markers.
  - Ingestion points: External content is retrieved from onetotenvip.com via scripts/fetch_xhs_trends.py and used for content analysis and generation.
  - Boundary markers: No markers or delimiters are present to distinguish untrusted external content from internal instructions.
  - Capability inventory: The agent can execute shell commands (running the script) and perform web searches using web_search.
  - Sanitization: No sanitization or validation is performed on the titles or descriptions fetched from the external API before they are processed by the model.
Audit Metadata