insurance-agent-social-media

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/xiaohongshu_publish.py and scripts/validate_input.py) to manage the publication workflow and validate user inputs. The publication script utilizes Playwright to automate browser interactions on the Xiaohongshu creator platform.
  • [EXTERNAL_DOWNLOADS]: The skill fetches real-time insurance news from several external sources, including Aliyun IQS, Tavily, and Bing Search API. It also requires the installation of external Python libraries such as AgentScope and Playwright.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external news websites and incorporates it into generation prompts for social media copy.
  • Ingestion points: News content retrieved via the WebSearch workflow defined in SKILL.md (Step 2).
  • Boundary markers: Not explicitly implemented in the content generation prompts.
  • Capability inventory: Browser automation via Playwright (scripts/xiaohongshu_publish.py), file system writes for image and metadata storage, and network access for API calls.
  • Sanitization: No evidence of input sanitization or filtering of external news content before it is processed by the agent.
  • [DATA_EXFILTRATION]: The automation script saves sensitive browser authentication states to a local file (xiaohongshu_auth.json). While this is required for persistent login in browser automation, the exposure of this file would allow unauthorized access to the user's social media account.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:41 AM
Security Audit — agent-trust-hub — insurance-agent-social-media