story-short-scan
Fail
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `ab` function in `scripts/cdp-utils.js` constructs shell commands for `execSync` using string concatenation with inadequate argument escaping. While it attempts to escape double quotes, it does not sanitize other shell metacharacters such as backticks (`` ` ``) or dollar-parentheses (`$()`). These characters remain active within the double-quoted strings in most shell environments, allowing for arbitrary command execution if unsanitized user or external input reaches this function.
- [CREDENTIALS_UNSAFE]: The `scripts/heiyan-booklist-scraper.js` script extracts the `Admin-Token` from the user's browser cookies using `document.cookie`. This sensitive authentication material is then stored in variables and used in the headers of subsequent network requests. This pattern of programmatic session token harvesting from the browser environment represents a significant credential exposure risk.
- [PROMPT_INJECTION]: The skill ingests large amounts of untrusted data (book titles, descriptions, and metadata) from external platforms such as Dianzhong and Heiyan. This data is processed during the analysis phase, creating an Indirect Prompt Injection attack surface where malicious content embedded in the web novel data could override the agent's instructions.
  - Ingestion points: Web scraping functions `extractStoriesFromText` and `extractStories` in `scripts/dz-browse-scraper.js`, and API data retrieval in `scripts/heiyan-booklist-scraper.js`.
  - Boundary markers: Absent. The skill does not use XML tags or specific delimiters to isolate scraped content from the agent's system instructions.
  - Capability inventory: The skill possesses powerful capabilities including shell command execution (`execSync`) and file system writes (`fs.writeFileSync`).
  - Sanitization: None detected. The scripts perform basic formatting and regex-based extraction but do not sanitize the text for potentially malicious LLM instructions.
Recommendations
- AI detected serious security threats