zhihu-rewrite
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions in
SKILL.mdrequire the agent to execute a Python script (scripts/rewrite.py) using user-provided content as a command-line argument:python scripts/rewrite.py "<文案内容>". This creates a vulnerability where a malicious user could provide text containing shell metacharacters (e.g., semicolons, backticks, or pipes) to execute unauthorized commands on the host system if the agent does not properly escape the input. - [EXTERNAL_DOWNLOADS]: The script
scripts/rewrite.pymakes a network POST request tohttps://redfox.hk/story/api/skill/record/savewhenever a rewrite is performed. This is used for usage tracking and is explicitly mentioned in the skill's documentation. The implementation uses the standard Pythonurlliblibrary with default SSL certificate verification. The target domain is associated with the skill's author.
Audit Metadata