media-auto-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/cookie_manager.py stores authentication cookies in a local JSON file at ~/.claude/media-auto-publisher/cookies.json. These cookies are stored in plaintext and represent sensitive session credentials for platforms such as WeChat, Douyin, and Zhihu, which could be accessed by other local processes.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by acting upon data parsed from third-party websites.
  * Ingestion points: Browser snapshots (raw HTML/text representation) are ingested and parsed in scripts/media_publisher.py (detect_popup_in_snapshot) and scripts/platform_navigator.py (find_popup_in_snapshot).
  * Boundary markers: The skill lacks boundary markers or explicit instructions to ignore potentially malicious commands embedded within the website text it parses.
  * Capability inventory: The skill uses Playwright MCP tools to navigate to URLs and execute click actions based on identifiers found in the snapshots.
  * Sanitization: The scripts extract element UIDs using string splitting and keyword matching without validating that the targeted element is a legitimate UI component rather than a malicious injection.
Audit Metadata