Skills
skills/redfox-data/redfox-community/xiaohongshu-top-account/Gen Agent Trust Hub

xiaohongshu-top-account

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's HTML report generation script references the html2canvas library from the well-known jsDelivr CDN (https://cdn.jsdelivr.net/npm/html2canvas). This is a reputable source used to provide the "Save as Image" functionality in the reports.
  • [DATA_EXFILTRATION]: The skill communicates with redfox.hk to fetch account data. This domain belongs to the skill's primary service provider. It correctly utilizes the REDFOX_API_KEY environment variable for authentication rather than hardcoding credentials.
  • [COMMAND_EXECUTION]: The instructions involve executing a local Python script scripts/fetch_rank.py to process queries. The script uses the Python standard library urllib and does not contain any patterns for executing arbitrary shell commands or unsafe code evaluation.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data fetched from external sources (Xiaohongshu account names and metrics). The risk of indirect injection is low as the data is primarily numerical or short text used in structured formats.
  • Ingestion points: scripts/fetch_rank.py fetches account data from the RedFox API.
  • Boundary markers: The data is constrained within Markdown tables and HTML templates.
  • Capability inventory: The skill can write HTML files to the local workspace and utilize the calendar_create tool for subscriptions.
  • Sanitization: The scripts/generate_report.py script uses html.escape to sanitize account names before including them in the HTML report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:51 PM
Security Audit — agent-trust-hub — xiaohongshu-top-account