xhs-title-scorer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to an external API hosted at
https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillDatato retrieve trending content data. - [COMMAND_EXECUTION]: The skill instructions mandate the execution of a local script,
scripts/fetch_xhs_trends.py, using the system's Python interpreter. The script is called with parameters derived from user input, specifically the search keyword and a calculated start date. - [DATA_EXFILTRATION]: User-supplied keywords and metadata (such as the calculated search timeframe) are sent to the external host
onetotenvip.comas part of the API request parameters. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent's context through the
scripts/fetch_xhs_trends.pyscript, which fetches titles and descriptions from an external API. - Boundary markers: The skill lacks explicit delimiters or instructions to treat the fetched social media content as literal data, potentially allowing instructions embedded in those fields to influence the agent's scoring or output generation.
- Capability inventory: The agent uses the fetched data to perform complex reasoning tasks, including提炼爆款规律 (pattern extraction) and multi-dimensional scoring, which increases the impact if the data contains malicious instructions.
- Sanitization: While the script escapes Markdown table pipe characters, it does not perform sanitization to strip potential prompt injection payloads or behavioral triggers from the external content.
Audit Metadata