rental-assistant
Warn
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the xiaohongshu-cli using Homebrew from a personal GitHub repository (xpzouying/agent-cli). This source is not verified or associated with a known trusted organization, posing a risk of executing unvetted code.
- [COMMAND_EXECUTION]: The skill operates by invoking various local command-line interface (CLI) tools (e.g., 58-cli, anjuke-cli, apartments-cli) and requires a background daemon (kimi-webbridge) to be running on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to how it handles external data.
- Ingestion points: The agent retrieves rental listing details, prices, and community feedback from several external websites and social media platforms through CLI tool outputs.
- Boundary markers: The instructions do not specify any delimiters or safety markers to isolate external data from the agent's instructions.
- Capability inventory: The skill environment allows for shell command execution and local file system access.
- Sanitization: There is no mention of sanitization or validation of the content fetched from external sources, which could contain instructions designed to manipulate the agent's behavior.
Audit Metadata