Skills
skills/redfox-data/redfox-community/xiaohongshu-search/Gen Agent Trust Hub

xiaohongshu-search

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://redfox.hk to retrieve trending note data. This domain is the official API provider for the skill's vendor (redfox-data). These requests are authenticated using a user-provided REDFOX_API_KEY via environment variables.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/fetch_xhs_hot_articles.py) to handle the API interaction and data processing. The script uses only standard Python libraries and performs local file writing to generate HTML reports, which is consistent with its stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage sensitive API keys using environment variables (e.g., export REDFOX_API_KEY) rather than hardcoding them in scripts or prompts.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Redfox API (titles, descriptions, author names) and displays them to the user. While this constitutes an attack surface, the script includes basic HTML escaping to mitigate potential injection in the generated visualization files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:50 PM
Security Audit — agent-trust-hub — xiaohongshu-search