geo-agent
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs users to manually log in to various platforms and store sensitive session cookies in the ~/.playwright-data/ directory. These credentials are then accessed by the publisher.py and index_checker.py scripts to perform automated actions.
- [COMMAND_EXECUTION]: The skill utilizes the Playwright library to automate web browser interactions, enabling the agent to navigate websites, fill forms, and click buttons programmatically.
- [EXTERNAL_DOWNLOADS]: The skill fetches research data from external search providers like Baidu and Bing, and interacts with third-party AI chat interfaces (Doubao, Qianwen, DeepSeek). It also requires downloading browser binaries via playwright install chromium.
- [DATA_EXFILTRATION]: The automated publishing mechanism (publisher.py) moves content from the local environment to external platforms. While intended for article posting, this functionality could be repurposed for unauthorized data transmission if the agent's instructions are compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from the web and uses it to build prompts for further LLM tasks.
  - Ingestion points: Search result snippets and AI-generated responses fetched in scripts/competitor_research.py and scripts/index_checker.py.
  - Boundary markers: Prompts in scripts/article_generator.py interpolate external data without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system write access to the data/ directory and network operations via httpx and playwright browser automation.
  - Sanitization: There is no evidence of filtering or escaping performed on the external research data before it is presented back to the LLM context.
Audit Metadata