chinese-lottery-predict
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches lottery results from external industry websites (e.g., zhcw.com, 500.com) and utilizes search engine results from DuckDuckGo, Bing, and Baidu to verify data accuracy. These external references are appropriate for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill ingests data from external websites, which constitutes a potential surface for indirect prompt injection.
- Ingestion points: Methods defined in
SKILL.mdfor scraping lottery websites and search results. - Boundary markers: None explicitly defined in the provided implementation examples.
- Capability inventory: Perform network requests via Python's
requestslibrary and write analysis results to local JSON files using Node.jsfs.writeFileSyncinlotteryPredict.js. - Sanitization: The Python implementation uses regular expressions (
re.findall) to extract only numeric strings and validates that they fall within the correct numeric range for the specific lottery type, significantly reducing the risk of processing malicious instructions embedded in the scraped content.
Audit Metadata