housing-monitor
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves housing market statistics from external domains, including official government sources (stats.gov.cn, zjj.sz.gov.cn) and specialized third-party platforms (gotohui.com).
- [COMMAND_EXECUTION]: Executes Python code for data processing and chart generation using libraries such as matplotlib, numpy, and pandas.
- [PROMPT_INJECTION]: The skill ingests untrusted data from web search results, creating a potential indirect prompt injection surface. Ingestion points: Web search results from statistical and real estate websites. Boundary markers: No specific delimiters or instructions to ignore embedded commands in fetched data are present. Capability inventory: Subprocess execution for Python scripts and file system write operations. Sanitization: No explicit validation or filtering of external data content is described.
- [DATA_EXFILTRATION]: Market charts are saved to hardcoded absolute file paths (e.g., /Users/lumin/skills/shenzhen_real_estate_charts.png), which reveals local directory structures.
Audit Metadata