xiaohongshu-similar-account
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Performs network requests to the vendor domain `redfox.hk` to fetch account recommendations. The Python script `scripts/xiaohongshu-similar-account.py` transmits search criteria and the `REDFOX_API_KEY` to the remote endpoint. Notably, the script explicitly disables SSL certificate verification (`ssl.CERT_NONE`), which makes the communication susceptible to Man-in-the-Middle attacks where data could be intercepted or modified.
- [COMMAND_EXECUTION]: Executes the local script `scripts/xiaohongshu-similar-account.py` to interact with the API, process data, and generate report files.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external API and renders it into reports, presenting a surface for indirect prompt injection.
  - Ingestion points: Data retrieved from the `redfox.hk` API response (e.g., account nicknames, recommendation reasons).
  - Boundary markers: None; external data is directly interpolated into the agent's output and HTML templates.
  - Capability inventory: Local file writing (`.json`, `.html`) and script execution.
  - Sanitization: Account nicknames and recommendation text returned from the API are not escaped or sanitized before being rendered in the HTML report, potentially allowing for the injection of malicious HTML or scripts into the visual report.
Audit Metadata