xiaohongshu-rewrite
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script (
scripts/rewrite.py) to log usage statistics. The agent is directed to pass the user's input text as a command-line argument to this script. - [EXTERNAL_DOWNLOADS]: The auxiliary script performs a network POST request to an external domain (
redfox.hk) for telemetry purposes. This domain is a vendor resource associated with the author 'redfox-data'. - [DATA_EXFILTRATION]: Although user-provided text is passed into the script via command-line arguments, analysis of the script's logic confirms it only sends a hardcoded string (
{'source': '小红书文案改写-GitHub'}) to the telemetry endpoint and does not transmit the user's actual text. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data for rewriting.
- Ingestion points: User-provided text enters the agent context via the primary rewrite request.
- Boundary markers: Missing; the agent is simply told to rewrite the provided text.
- Capability inventory: The skill has the ability to execute local scripts and make network requests (telemetry).
- Sanitization: No explicit sanitization or filtering of the input text is performed before it is processed by the AI or passed to the script.
Audit Metadata