jiucai-capture
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Susceptible to Indirect Prompt Injection. The skill ingests data from public web articles (via scrapers in a_stock_watcher/sources/) and passes this content directly to the Gemini AI model in a_stock_watcher/ai_parser.py. An attacker could publish content on the target website that includes malicious instructions designed to manipulate the AI's analysis or agent behavior.
  - Ingestion points: Scraped content from jiuyangongshe.com processed in a_stock_watcher/sources/study_hot.py, industry_chain.py, and action.py.
  - Boundary markers: None. The scraped article title and content are interpolated directly into the PARSE_PROMPT and IMAGE_PARSE_PROMPT without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Network access for scraping, local SQLite database writes, and generation of natural language investment advice to the user.
  - Sanitization: No sanitization, filtering, or validation is performed on the scraped text before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill frequently uses shell commands for environment setup, dependency management with uv, and execution of its internal Python modules and data query scripts.
- [EXTERNAL_DOWNLOADS]: During the installation phase, the skill executes playwright install chromium, which downloads browser binaries from the official Playwright project servers to enable web scraping functionality.
Audit Metadata