daily-gzh-content
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive automation by executing local scripts via shell commands.
  - Executes topic discovery scripts (`search.js`) within the `~/.openclaw/skills/brave-search` directory.
  - Runs Python-based image generation tools (`generate.py`) located in `~/clawd/projects/MediaClaw/skills/code-material-gen/scripts/`.
  - Invokes a publication script (`publish.py`) that handles the automated upload to WeChat Official Accounts.
- [DATA_EXFILTRATION]: The skill accesses sensitive identity and session information to perform its tasks.
  - Reads user persona data and Daniel's specific profile from `~/.openclaw/workspace-content/USER.md`.
  - Explicitly mentions a dependency on "微信MP cookie" (WeChat MP cookies) for its automated browser-based publishing workflow, which presents a risk of credential exposure if the agent's logic is subverted.
- [PROMPT_INJECTION]: The workflow is vulnerable to indirect prompt injection through search engine results.
  - Ingestion points: The skill fetches and processes real-time data from `brave-search` and `Perplexity` to generate article topics and competitive analysis.
  - Boundary markers: There are no explicit markers or instructions to treat search results as untrusted data, increasing the risk that embedded malicious instructions in web content could influence the agent.
  - Capability inventory: The skill possesses significant capabilities, including shell execution for multiple scripts, local file system modification (creating directories and saving articles), and network publication.
  - Sanitization: The skill lacks mechanisms to sanitize or filter search results before they are interpolated into the content generation prompts.