yixiaoer
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a legitimate client for the YiXiaoEr service. It correctly utilizes environment variables for sensitive API keys and performs only the necessary file and network operations required to fulfill user requests for content distribution.
- [DATA_EXFILTRATION]: The skill reads local file paths to upload media assets (images, videos) to the vendor's API domain (yixiaoer.cn). This is a core feature of the publishing process and is conducted in a transparent, documented manner.
- [EXTERNAL_DOWNLOADS]: The upload mechanism allows fetching resources from remote URLs to be processed by the platform. This is a standard utility for synchronizing media across content management systems.
- [COMMAND_EXECUTION]: The skill implements a central TypeScript controller (api.ts) that parses JSON-formatted instructions from the agent to interact with various API endpoints. The script includes logic to validate parameters and handle platform-specific DTO schemas.
Audit Metadata