geo-agent
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted external content into agent prompts.
  - Ingestion points: Fetches search results and competitor abstracts from Baidu and Bing search engines in scripts/competitor_research.py and scripts/keyword_manager.py.
  - Boundary markers: Absent. The untrusted search data is directly interpolated into prompts used for article generation in scripts/article_generator.py without delimiters.
  - Capability inventory: Performs file system writes (saving articles), browser automation (Playwright), and network publishing to various content platforms in scripts/publisher.py.
  - Sanitization: No sanitization or escaping of external content is performed before prompt construction.
- [DATA_EXFILTRATION]: The skill manages sensitive authentication data on the local system.
  - Sensitive path access: Reads and writes browser storage state, including cookies and session tokens, in ~/.playwright-data/ to automate logins to Zhihu, Baijiahao, Sohu, and Toutiao.
- [EXTERNAL_DOWNLOADS]: Performs network operations to several non-whitelisted external domains to support its core functionality.
  - Network targets: Interacts with Baidu, Bing, Doubao, Tongyi Qianwen, DeepSeek, and various Chinese publishing platforms (Zhihu, Sohu, Toutiao) for data gathering and distribution.
Audit Metadata