redbookskills

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill manages Google Chrome processes using the subprocess module and executes JavaScript in the browser context via the Runtime.evaluate CDP command to automate UI interactions and data extraction on the Xiaohongshu platform.
  • [EXTERNAL_DOWNLOADS]: The scripts/image_downloader.py script downloads images and videos from external URLs provided by the user or identified by the agent, facilitating the publication of remote content.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Risk: The skill processes search results and comments extracted from Xiaohongshu in scripts/cdp_publish.py. This untrusted content constitutes an attack surface if an adversary embeds malicious instructions in public posts. The skill mitigates this by using json.dumps to escape data before inserting it into browser-side JavaScript, but the agent's interpretation of the extracted data remains a low-severity risk surface.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 07:51 PM