xiaohongshu-lowtop
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script `scripts/fetch_explosive_articles.py` contains logic to scan sensitive shell configuration files, such as `~/.bashrc`, `~/.zshrc`, `~/.bash_profile`, `~/.profile`, and Windows PowerShell profiles, to automatically locate the `REDFOX_API_KEY`. Accessing these files can expose other sensitive secrets and credentials stored on the user's system.
- [DATA_EXFILTRATION]: Network requests made to the `redfox.hk` API in `scripts/fetch_explosive_articles.py` use native Python socket and SSL modules with certificate verification disabled (`ssl.CERT_NONE`). This insecure connection strategy risks exposing the API key and fetched data to interception.
- [EXTERNAL_DOWNLOADS]: The `assets/preview-template.html` file downloads the `html2pdf.js` library from external CDNs, including jsDelivr, Cloudflare, and unpkg. This is used for the legitimate purpose of generating PDF exports from the generated results.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from Xiaohongshu (note titles and descriptions) and displays it without sanitization.
  - Ingestion points: Data is retrieved from the `redfox.hk` API in `scripts/fetch_explosive_articles.py`.
  - Boundary markers: Absent; external content is placed directly into the markdown output without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The agent can execute Python scripts, write files, and provide downloadable attachments.
  - Sanitization: Only basic whitespace cleaning is performed for layout purposes; no security-focused filtering is present.
Audit Metadata