yao-geo-panorama-audit

Fail

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The example builder script examples/lingxu-synthetic-panorama/build_example.py uses subprocess.Popen to launch Google Chrome with the --no-sandbox flag.
  • Disabling the browser sandbox is a high-risk security practice, particularly when rendering HTML content that could contain untrusted scripts or layouts.
  • Evidence: The command array in render_pdf includes --no-sandbox, --headless=new, and --disable-gpu.
  • [REMOTE_CODE_EXECUTION]: The script examples/hubspot-cn-panorama/build_example.py performs dynamic code loading and execution.
  • It uses importlib.util.spec_from_file_location and spec.loader.exec_module to load the SOURCE_BUILDER script from a different directory.
  • This pattern allows for the execution of code from computed file paths, which can be exploited if the source path is compromised.
  • [PROMPT_INJECTION]: The skill's instructions in SKILL.md and references/official-site-evidence.md describe a large attack surface for indirect prompt injection.
  • Ingestion points: The agent is instructed to crawl and archive brand websites, official portals, and third-party sources (media, forums, reports).
  • Boundary markers: There are no specific instructions or delimiters provided to ensure the agent ignores instructions embedded in the crawled content.
  • Capability inventory: The agent has shell access and can execute utility scripts with network and file-writing capabilities.
  • Sanitization: There is no evidence of sanitization or filtering logic applied to external data before it is ingested into the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill is intended to perform network requests to non-whitelisted domains for 'crawling' and 'cross-verification' purposes.
  • While consistent with the skill's purpose (GEO audit), this involves interacting with untrusted external infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 15, 2026, 10:56 AM
Security Audit — agent-trust-hub — yao-geo-panorama-audit