qwoted-seo-backlinks
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The generated statistics page template fetches the Chart.js library from
cdn.jsdelivr.net. This is a well-known, high-reputation content delivery network used to provide visualization capabilities to the research assets created by the skill. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests and processes untrusted journalist requests from the Qwoted platform. A malicious request could attempt to influence the agent's drafting behavior. The skill mitigates this risk by:
- Ingestion points: Journalist requests are fetched via
qwoted_search.pyand analyzed inSKILL.md. - Boundary markers:
SKILL.mdmandates that all pitches must be shown to the user for explicit approval before they are sent. - Capability inventory: The agent can execute local Python scripts, perform web research, and write HTML files to the local filesystem.
- Sanitization: The skill relies on the user's manual review of the generated pitches and statistics pages to ensure content integrity.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
qwoted_login.py,qwoted_search.py,qwoted_pitch.py,qwoted_profile.py) and theplaywrightCLI to automate browser interactions. These executions are confined to the intended functionality of interacting with the Qwoted platform and are triggered by the agent within the local environment. - [SAFE]: The skill manages sensitive Qwoted session cookies by storing them in a local directory (
~/.qwoted/). The documentation and code include appropriate warnings and measures (like.gitignorerecommendations) to ensure these credentials remain private and are not committed to version control.
Audit Metadata