llm-public-opinion-analytics-assistant
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core function of ingesting and analyzing untrusted content from social media platforms.\n
- Ingestion points: Data is crawled from 15 platforms (e.g., Weibo, Bilibili, Douyin) and news URLs via the
DetailCrawlerandDatabaseConnectorcomponents.\n - Boundary markers: There are no explicit instructions or delimiters shown in the logic to prevent the LLM from executing commands embedded in the crawled social media posts or news transcripts.\n
- Capability inventory: The system is connected to a MySQL database and multiple push notification services (Email, WeChat, Telegram), creating a path for untrusted data to influence external communications or data storage.\n
- Sanitization: No specific sanitization or filtering logic is documented for the external data before it is passed to the
OpinionAnalyzerfor sentiment and theme extraction.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of browser drivers (ChromeDriver, EdgeDriver) from official project domains and an LLM model from the Gitcode platform to support crawler and analysis functionality.\n- [COMMAND_EXECUTION]: Operation of the system involves running the main application server (app.py), database initialization scripts (init.py), and automated web crawlers using Selenium to simulate user interactions.
Audit Metadata