content-factory
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently executes system commands using the subprocess module. For instance, `aggregator/fetch_all.py` uses `curl` to fetch trending data from various platforms. `topic_scorer.py` executes the `pass` password manager utility to retrieve API keys for DeepSeek and GLM. Furthermore, `draft_reviewer.py` and `topic_presenter.py` execute an external script, `newsbot_send.py`, to send notifications and cards to the user.
- [CREDENTIALS_UNSAFE]: To perform automated publishing and fetching, the skill reads sensitive local files. Scripts like `auto_publisher.py` and `fetch_all.py` access browser cookies and session state files stored in `~/.playwright-data/` or `~/.xiaohongshu/` for services like Xiaohongshu and WeChat. It also attempts to retrieve AI provider credentials through the system's `pass` tool.
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection surface.
  - Ingestion points: `aggregator/fetch_all.py` scrapes hot topic titles, summaries, and descriptions from platforms like GitHub, Reddit, and Weibo.
  - Boundary markers: Absent. `content_generator.py` and `topic_scorer.py` interpolate fetched strings directly into LLM prompts using simple string replacement.
  - Capability inventory: The skill has the capability to write files (drafts), perform network requests (to LLM providers and social platforms), and publish content to Xiaohongshu via `auto_publisher.py`.
  - Sanitization: No sanitization or filtering of fetched content is performed before it is processed by the AI models.
- [EXTERNAL_DOWNLOADS]: The `aggregator/fetch_all.py` script performs numerous HTTP GET requests to retrieve information from a wide array of sources, including GitHub Trending, YouTube feeds, Bilibili APIs, and several regional news aggregators.
Audit Metadata