last30days-cn

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill aggregates data from several social media platforms, creating a significant surface for indirect prompt injection.
  • Ingestion points: Data is fetched from Weibo, Xiaohongshu, Bilibili, Zhihu, Douyin, WeChat, Baidu, and Toutiao (refer to the modules in scripts/lib/).
  • Boundary markers: Absent. Reports rendered in render.py provide text from these platforms to the agent without using delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill is configured with access to Bash and Write tools in SKILL.md, providing a powerful execution environment for potentially malicious instructions ingested from external sources.
  • Sanitization: Content is cleaned of HTML tags but is not otherwise sanitized for prompt injection payloads before being delivered to the agent.
  • [COMMAND_EXECUTION]: A configuration hook script uses an insecure shell coding pattern.
  • Evidence: The file hooks/scripts/check-config.sh uses eval "ENV_${key}=\"${value}\"" to load environment variables from the user's .env file. This represents a command execution risk if the configuration file is modified to contain malicious shell characters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:58 AM
Security Audit — agent-trust-hub — last30days-cn