Skills
skills/redfox-data/redfox-community/xiaohongshu-ai-feed/Gen Agent Trust Hub

xiaohongshu-ai-feed

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Retrieves AI-related social media content and engagement metrics from the vendor's API at https://redfox.hk/story/api/parseWork/queryXhsAiMsgs.
  • [COMMAND_EXECUTION]: Employs subprocess.run to manage scheduled tasks for its daily update feature. It interacts with launchctl on macOS to load property list files and modifies crontab on Linux systems.
  • [COMMAND_EXECUTION]: Automatically opens the generated HTML report in the default system browser using open or xdg-open commands.
  • [PROMPT_INJECTION]: The skill processes content fetched from an external API (such as note titles and descriptions) and interpolates it into an HTML template for display. While this is the intended functionality, it constitutes an indirect injection surface where content from the remote source is rendered in the user's browser.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 04:20 PM
Security Audit — agent-trust-hub — xiaohongshu-ai-feed