paoding
Warn
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts
scripts/collect.shandscripts/collect_api.pyto automate content retrieval and processing. It also invokes system tools likeyt-dlp,ffmpeg, andwhispervia subprocesses. - [DATA_EXFILTRATION]: Accesses sensitive local data, specifically reading API keys from
~/.config/paoding/keys.env. It also utilizesyt-dlpwith the--cookies-from-browserflag, which allows the skill to access and use the user's active browser sessions and cookies for platforms like X, Douyin, and Xiaohongshu. - [EXTERNAL_DOWNLOADS]: Automatically fetches media and metadata from a wide range of external social media platforms (YouTube, Bilibili, X, Douyin, Xiaohongshu) based on user-supplied URLs.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill ingests untrusted external data (transcribed audio, post text, and comments) and processes it to create a 'Strategy Map'.
- Ingestion points:
scripts/collect.sh(transcribed audio) andscripts/collect_api.py(API-fetched posts/comments). - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within the transcribed content or post text.
- Capability inventory: The skill has the capability to write new files, specifically generating a full
SKILL.mdfile. - Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed by the model.
- [COMMAND_EXECUTION]: Implements dynamic execution by automatically generating a complete
SKILL.mdfile (a 'Content Coach Skill') in Step 4. This file contains AI instructions and workflows derived from the potentially malicious or untrusted external data processed in earlier steps.
Audit Metadata