Security audit

全网内容出海信息源 (Cross-Platform Overseas Content Feed)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed RedFox-powered content report generator that uses an API key, writes local reports/cache, and does not show hidden or destructive behavior.

Install only if you trust RedFox and are comfortable giving this skill a RedFox API key. Keep the key revocable, avoid displaying it in shared logs or terminals, and review generated HTML reports as content fetched from an external data source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README explicitly tells users they can invoke the skill with broad natural-language phrases such as 'Simply describe your needs in natural language — no commands to memorize.' In agent environments, overly broad invocation guidance can cause the skill to activate on ambiguous user requests, increasing the chance of unintended data access, report generation, network calls, or file output without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description uses broad trigger phrases such as '内容出海日报', '爆款', '热点', '创作趋势' and even '自定义查询时使用', without clear scoping constraints. This can cause the agent to invoke the skill in unrelated or only loosely related conversations, potentially sending unintended queries to an external API or generating outputs the user did not explicitly request.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def get_api_key():
    """Get the API key from the environment variable"""
    api_key = os.environ.get("REDFOX_API_KEY")
    if not api_key:
        print("❌ 错误:未找到 REDFOX_API_KEY 环境变量")
        print("请先配置:export REDFOX_API_KEY=<你的apikey>")
Confidence
70% confidence
Finding
os.environ.get("REDFOX_API_KEY

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def get_api_key():
    """Get the API key from the environment variable"""
    api_key = os.environ.get("REDFOX_API_KEY")
    if not api_key:
        print("❌ 错误:未找到 REDFOX_API_KEY 环境变量")
        print("请先配置:export REDFOX_API_KEY=<你的apikey>")
Confidence
70% confidence
Finding
os.environ.get("REDFOX_API_KEY

Hidden Instructions

High
Category
Prompt Injection
Content
---
name: multi-content-feed
description: "全网内容出海信息源 — 每日扫描全平台(公众号/抖音/视频号/小红书/快手/B站)内容出海爆款作品,按点赞量筛选Top50,智能聚类题材方向后生成包含平台标签、封面、互动数据与创作洞察的HTML日报。支持按平台、关键词、时间范围定向查询。⚠️数据每日15:00更新前一天数据,目标日期无数据时必须先告知用户并等待确认后才能调用接口,禁止自动获取。当用户需要内容出海日报、内容出海爆款、内容出海热点、内容出海创作趋势或自定义查询时使用。"
---
Confidence
60% confidence
Finding
Hidden instructions were detected in comments or invisible text. These could contain malicious directives. Manual review is recommended.

Hidden Instructions

High
Category
Prompt Injection
Content
# 全网内容出海信息源 - Core Workflow

## 📋 Execution Flow Overview
Confidence
18% confidence
Finding
Hidden instructions were detected in comments or invisible text. These could contain malicious directives. Manual review is recommended.

Hidden Instructions

High
Category
Prompt Injection
Content
# 全网内容出海信息源 - Usage Examples

## 📖 Basic Usage
Confidence
18% confidence
Finding
Hidden instructions were detected in comments or invisible text. These could contain malicious directives. Manual review is recommended.

VirusTotal

64/64 vendors flagged this skill as clean.