qiaomu-app-review

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user-generated content from App Store reviews, which creates a potential surface for indirect prompt injection where malicious reviews could attempt to influence the agent's behavior.
  • Ingestion points: The script scripts/app_review_local.mjs fetches external JSON data from Apple's public iTunes RSS and lookup APIs.
  • Boundary markers: While the analysis prompt in agent-prompt.md provides structure for the output, it lacks explicit delimiters or specific instructions for the agent to disregard potential commands found within the ingested review text.
  • Capability inventory: The local script performs network reads from itunes.apple.com and writes analysis results to multiple local files including reviews.json and evidence.html.
  • Sanitization: The script includes an escapeHtml utility to sanitize content for the HTML dashboard and truncates long review content to 700 characters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 01:50 PM
Security Audit — agent-trust-hub — qiaomu-app-review