cn-economy-news
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection risks.
- Ingestion points: The skill retrieves external content from various news websites using
web_fetch,web_search, and thescripts/fetch_news.pyscript. - Boundary markers: The prompt instructions lack explicit markers or delimiters to separate fetched external content from agent instructions, nor do they include warnings to ignore embedded instructions in the fetched data.
- Capability inventory: The skill has the capability to execute network requests via Python's
requestslibrary and the agent's web tools, and it executes a local script (scripts/fetch_news.py). - Sanitization: While the skill implements domain whitelisting for official sources and keyword filtering for advertisements, it does not perform sanitization or validation of the actual article content before processing it for summarization.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from external sources.
- The script
scripts/fetch_news.pydownloads RSS feeds from official domains (e.g.,gov.cn,news.cn) and scrapes search results fromcn.bing.com. - Insecure Configuration: The script explicitly disables SSL certificate verification (
verify=False) and suppresses security warnings. This configuration makes the data fetching process susceptible to Man-in-the-Middle (MitM) attacks. - [COMMAND_EXECUTION]: The skill's workflow includes the execution of a local Python script (
scripts/fetch_news.py) to perform data aggregation and filtering tasks.
Audit Metadata