xhs-explosive-content-detector
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/fetch_xhs_trends.py` connects to an external API endpoint at `https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData` to fetch trending data.
- [COMMAND_EXECUTION]: The Python script `scripts/fetch_xhs_trends.py` utilizes a custom network handler that deliberately bypasses standard security protocols.
  - Insecure SSL Configuration: The script explicitly sets `ssl.verify_mode = ssl.CERT_NONE` and `context.check_hostname = False`. This disables SSL certificate validation, rendering the connection vulnerable to Man-in-the-Middle (MitM) attacks where data could be intercepted or altered.
  - SNI Suppression: The script uses `server_hostname=None` to suppress Server Name Indication (SNI). This is an unusual practice often associated with evading network traffic filters or analysis tools.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes data from an external API.
  - Ingestion points: External content is retrieved via `scripts/fetch_xhs_trends.py` and passed to the agent to generate summaries and recommendation reasons.
  - Boundary markers: The instructions do not define clear delimiters or "ignore previous instructions" guards for the data returned from the API.
  - Capability inventory: The skill has the capability to execute scripts and write files to the local file system (`.html` output).
  - Sanitization: There is no evidence of sanitization or validation of the fetched content before it is processed by the agent, meaning malicious instructions embedded in the API response could potentially influence agent behavior.
Audit Metadata