Skills
skills/redfox-data/redfox-community/xiaohongshu-title-score/Gen Agent Trust Hub

xiaohongshu-title-score

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fetch_xhs_trends.py executes system commands via subprocess.run on Windows to retrieve user-level environment variables via PowerShell. This is used as a fallback mechanism for API key management.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with https://redfox.hk to retrieve viral title data and trend analysis. This network activity is required for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes third-party content (viral titles and descriptions) from the Xiaohongshu platform. The instructions do not specify the use of strict boundary markers or sanitization for this external data, which could allow maliciously crafted titles to influence the agent's output logic during analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:50 PM
Security Audit — agent-trust-hub — xiaohongshu-title-score