xhs-breaking-rankings
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The script scripts/fetch_explosive_articles.py performs network operations to the domain onetotenvip.com. It uses the raw Python socket and ssl modules to manually construct HTTPS requests instead of the standard requests library. This implementation explicitly disables SSL certificate verification by setting verify_mode to ssl.CERT_NONE, which exposes the connection to Man-in-the-Middle (MitM) attacks.
- [COMMAND_EXECUTION]: The script scripts/fetch_explosive_articles.py uses subprocess.run to execute a local Python script, scripts/generate_html.py. It passes potentially untrusted data fetched from the external API as arguments to this subprocess.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves data from an external third-party API and is instructed by core_workflow.md to output the resulting content verbatim to the user. This instruction could lead the agent to follow malicious commands hidden in the fetched data.
  - Ingestion points: Data fetched from onetotenvip.com in scripts/fetch_explosive_articles.py.
  - Boundary markers: Absent. Instructions specifically command the agent to output external content without modification.
  - Capability inventory: Subprocess execution in scripts/fetch_explosive_articles.py and file generation.
  - Sanitization: Only basic whitespace and character stripping is performed; there is no validation against malicious instructions.
- [EXTERNAL_DOWNLOADS]: The assets/preview-template.html file includes external JavaScript dependencies (html2pdf.js) from various CDN providers including jsdelivr.net, cloudflare.com, and unpkg.com.
Audit Metadata