story-short-scan

Fail

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: HIGH | COMMAND_EXECUTION | CREDENTIALS_UNSAFE | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The ab function in scripts/cdp-utils.js constructs shell commands for execSync using string concatenation with inadequate argument escaping. While it attempts to escape double quotes, it does not sanitize other shell metacharacters such as backticks (`) or dollar-parentheses ($()). These characters remain active within the double-quoted strings in most shell environments, allowing for arbitrary command execution if unsanitized user or external input reaches this function.
  • [CREDENTIALS_UNSAFE]: The scripts/heiyan-booklist-scraper.js script extracts the Admin-Token from the user's browser cookies using document.cookie. This sensitive authentication material is then stored in variables and used in the headers of subsequent network requests. This pattern of programmatic session token harvesting from the browser environment represents a significant credential exposure risk.
  • [PROMPT_INJECTION]: The skill ingests large amounts of untrusted data (book titles, descriptions, and metadata) from external platforms such as Dianzhong and Heiyan. This data is processed during the analysis phase, creating an Indirect Prompt Injection attack surface where malicious content embedded in the web novel data could override the agent's instructions.
      • Ingestion points: Web scraping functions extractStoriesFromText and extractStories in scripts/dz-browse-scraper.js, and API data retrieval in scripts/heiyan-booklist-scraper.js.
      • Boundary markers: Absent. The skill does not use XML tags or specific delimiters to isolate scraped content from the agent's system instructions.
      • Capability inventory: The skill possesses powerful capabilities including shell command execution (execSync) and file system writes (fs.writeFileSync).
      • Sanitization: None detected. The scripts perform basic formatting and regex-based extraction but do not sanitize the text for potentially malicious LLM instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 22, 2026, 08:55 AM