qiaomu-app-review
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content from App Store reviews, which creates a potential surface for indirect prompt injection where malicious reviews could attempt to influence the agent's behavior.
- Ingestion points: The script
scripts/app_review_local.mjsfetches external JSON data from Apple's public iTunes RSS and lookup APIs. - Boundary markers: While the analysis prompt in
agent-prompt.mdprovides structure for the output, it lacks explicit delimiters or specific instructions for the agent to disregard potential commands found within the ingested review text. - Capability inventory: The local script performs network reads from
itunes.apple.comand writes analysis results to multiple local files includingreviews.jsonandevidence.html. - Sanitization: The script includes an
escapeHtmlutility to sanitize content for the HTML dashboard and truncates long review content to 700 characters.
Audit Metadata