zhihu-hot

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/get_hot.py makes network requests to a non-whitelisted third-party domain (api.vience.cn) to retrieve hotlist data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and displaying remote data without sanitization.
      • Ingestion points: The script scripts/get_hot.py fetches JSON data from an external API and outputs it to the console.
      • Boundary markers: There are no delimiters or instructions to the agent to ignore potentially malicious content within the API response.
      • Capability inventory: The script's capabilities are limited to network read operations and printing results to standard output.
      • Sanitization: No validation, escaping, or filtering is performed on the title or hotValue fields returned by the remote source before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:27 AM