yao-geo-panorama-audit
Fail
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The example builder script
examples/lingxu-synthetic-panorama/build_example.pyusessubprocess.Popento launch Google Chrome with the--no-sandboxflag. - Disabling the browser sandbox is a high-risk security practice, particularly when rendering HTML content that could contain untrusted scripts or layouts.
- Evidence: The command array in
render_pdfincludes--no-sandbox,--headless=new, and--disable-gpu. - [REMOTE_CODE_EXECUTION]: The script
examples/hubspot-cn-panorama/build_example.pyperforms dynamic code loading and execution. - It uses
importlib.util.spec_from_file_locationandspec.loader.exec_moduleto load theSOURCE_BUILDERscript from a different directory. - This pattern allows for the execution of code from computed file paths, which can be exploited if the source path is compromised.
- [PROMPT_INJECTION]: The skill's instructions in
SKILL.mdandreferences/official-site-evidence.mddescribe a large attack surface for indirect prompt injection. - Ingestion points: The agent is instructed to crawl and archive brand websites, official portals, and third-party sources (media, forums, reports).
- Boundary markers: There are no specific instructions or delimiters provided to ensure the agent ignores instructions embedded in the crawled content.
- Capability inventory: The agent has shell access and can execute utility scripts with network and file-writing capabilities.
- Sanitization: There is no evidence of sanitization or filtering logic applied to external data before it is ingested into the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill is intended to perform network requests to non-whitelisted domains for 'crawling' and 'cross-verification' purposes.
- While consistent with the skill's purpose (GEO audit), this involves interacting with untrusted external infrastructure.
Recommendations
- AI detected serious security threats
Audit Metadata