insurance-agent-social-media
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/xiaohongshu_publish.pyandscripts/validate_input.py) to manage the publication workflow and validate user inputs. The publication script utilizes Playwright to automate browser interactions on the Xiaohongshu creator platform. - [EXTERNAL_DOWNLOADS]: The skill fetches real-time insurance news from several external sources, including Aliyun IQS, Tavily, and Bing Search API. It also requires the installation of external Python libraries such as AgentScope and Playwright.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external news websites and incorporates it into generation prompts for social media copy.
- Ingestion points: News content retrieved via the WebSearch workflow defined in
SKILL.md(Step 2). - Boundary markers: Not explicitly implemented in the content generation prompts.
- Capability inventory: Browser automation via Playwright (
scripts/xiaohongshu_publish.py), file system writes for image and metadata storage, and network access for API calls. - Sanitization: No evidence of input sanitization or filtering of external news content before it is processed by the agent.
- [DATA_EXFILTRATION]: The automation script saves sensitive browser authentication states to a local file (
xiaohongshu_auth.json). While this is required for persistent login in browser automation, the exposure of this file would allow unauthorized access to the user's social media account.
Audit Metadata