content-source-aggregator
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The script scripts/fetch_all.py accesses sensitive session cookie files stored locally on the system.
  - Evidence: The script reads credential data from ~/.playwright-data/linuxdo/cookies.txt, ~/.playwright-data/xiaohongshu/cookies.txt, and ~/.playwright-data/sogou-weixin/cookies.txt to provide authentication for web requests.
- [PROMPT_INJECTION]: The skill possesses a significant indirect prompt injection surface by aggregating untrusted content from various external social media and forum platforms.
  - Ingestion points: Fetches content from Twitter, YouTube, Bilibili, GitHub, Reddit, LinuxDo, Douyin, and Xiaohongshu.
  - Boundary markers: Absent; the generated JSON output does not include delimiters or instructions for downstream LLMs to ignore instructions embedded within the titles or summaries.
  - Capability inventory: The skill requests Bash and Write permissions, which could be exploited if an injection attack influences the agent's behavior.
  - Sanitization: Absent; the script extracts text from HTML and JSON using regex and basic unescaping without filtering for malicious prompt injection patterns.
Recommendations
- AI detected serious security threats
Audit Metadata