gzh-explosive-content-detector
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/fetch_gzh_trends.py initiates network requests to the domain onetotenvip.com to retrieve article metadata.
- [COMMAND_EXECUTION]: The skill requires the execution of a Python script on the local system to process search results and generate report files.
- [DATA_EXFILTRATION]: User-provided search keywords are transmitted to an external server. This is part of the intended functionality but involves sharing data with a third-party service.
- [SAFE]: The implementation includes defensive coding practices, such as sanitizing filenames to prevent path traversal vulnerabilities and escaping HTML characters to mitigate script injection in the generated output.
- [EXTERNAL_DOWNLOADS]: The script's network client implementation explicitly disables SSL certificate validation, which increases the potential risk of data interception via man-in-the-middle attacks.
Audit Metadata