bili-ai-feed
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The configuration file
references/investigator-config.jsoncontains a hardcoded default API key (ak_b45b6a6881f4400fb321428947eb6661) for accessing the vendor's services. - [COMMAND_EXECUTION]: The script
assets/daily_report.pyexecutes shell commands to establish persistence, usinglaunchctlon macOS and modifying the user'scrontabon Linux/Windows systems. - [COMMAND_EXECUTION]: The main script utilizes
subprocess.runwithshell=Truewhen managing crontab entries, which can be sensitive to command injection if paths or inputs are improperly handled. - [COMMAND_EXECUTION]: The script reads sensitive local environment configuration files, such as
~/.zshrcand~/.bashrc, to extract API keys for authentication. - [EXTERNAL_DOWNLOADS]: The skill fetches dynamic video metadata from the vendor's API endpoint at
https://redfox.hk/story/api/parseWork/queryBiliAiMsgs. - [COMMAND_EXECUTION]: Indirect Prompt Injection Surface:
- Ingestion points: External video titles and tags are fetched from the Bilibili API and processed in
assets/daily_report.py. - Boundary markers: Absent; external data is integrated into the analysis flow without specific delimiters or isolation instructions.
- Capability inventory: The skill performs subprocess execution and file system operations.
- Sanitization: There is no evidence of filtering or escaping untrusted external text (titles/tags) before it is analyzed by the agent, potentially allowing embedded instructions to influence agent behavior.
Audit Metadata