xiaohongshu-weeklytop
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external API.
  - Ingestion points: Xiaohongshu post titles and descriptions are fetched via `xhs_weekly_fetcher.py` from the `redfox.hk` API.
  - Boundary markers: Absent; data is processed and analyzed without delimiters or warnings to the model to ignore embedded instructions.
  - Capability inventory: The skill executes local Python scripts, writes to the filesystem (JSON cache and HTML reports), and performs network requests.
  - Sanitization: Absent; no content filtering or sanitization is applied before data is used in analysis or reports.
- [DATA_EXFILTRATION]: The `xhs_weekly_fetcher.py` script includes a fallback mechanism that reads sensitive shell configuration files (e.g., `~/.zshrc`, `~/.bashrc`, `.bash_profile`) to find the `REDFOX_API_KEY`. While documented as a convenience feature, accessing these files is a high-privilege operation.
- [COMMAND_EXECUTION]: The skill relies on the execution of Python scripts to interact with external APIs and generate visualization reports. These scripts use the `requests` library to communicate with the vendor's API and perform file system writes for caching and report generation.
Audit Metadata