viral-topic
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of ingesting untrusted third-party data. \n
- Ingestion points: Data from social media platforms (titles, descriptions, summaries) is retrieved via Python scripts and processed by the agent. \n
- Boundary markers: The instructions do not define robust delimiters or specific guidelines to ignore instructions that might be embedded in the social media content. \n
- Capability inventory: The skill possesses command execution capabilities (running bundled Python scripts) and network access. \n
- Sanitization: While some scripts perform basic HTML stripping, there is no specialized logic to prevent the LLM from executing malicious instructions contained within the fetched content. \n- [EXTERNAL_DOWNLOADS]: The skill uses Python scripts to perform network requests to external API services. \n
- YouTube: Communicates with the official YouTube Data API at googleapis.com. \n
- Bilibili: Communicates with Bilibili's public JSON endpoints at api.bilibili.com. \n
- X (Twitter): Communicates with the twitterapi.io advanced search service. \n
- WeChat: Communicates with a user-configured API gateway for WeChat article discovery. \n- [COMMAND_EXECUTION]: The skill's primary workflow involves executing local Python scripts to gather data. \n
- Evidence: The skill and its sub-skills provide commands to run scripts such as search_youtube_viral_topic.py, search_x_viral_topic.py, and search_bilibili_viral_topic.py to perform their discovery logic.
Audit Metadata