geo-agent
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages and stores platform session cookies (credentials) for services such as Zhihu, Baijiahao, and Sohu in the
~/.playwright-data/directory. Access to these files constitutes a significant data exposure risk, as they contain active authentication states which could be compromised if the local environment is shared.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves untrusted data from search engine results (Baidu, Bing) viascripts/competitor_research.pyandscripts/keyword_manager.pyand uses it to build prompts for article generation inscripts/article_generator.py.\n - Ingestion points: Search result titles and abstracts from Baidu and Bing (scripts/competitor_research.py, scripts/keyword_manager.py).\n
- Boundary markers: None identified; untrusted data is directly concatenated into the LLM prompt templates without delimiters or 'ignore' instructions.\n
- Capability inventory: Multi-platform content publishing (scripts/publisher.py) and interaction with AI chat platforms (scripts/index_checker.py).\n
- Sanitization: No validation or sanitization of external content is performed before interpolation into the prompt.\n- [EXTERNAL_DOWNLOADS]: The skill performs network requests to search engines and AI chat platforms (Doubao, DeepSeek, etc.) to perform research and index checking. These operations are consistent with the skill's stated purpose and target well-known services.\n- [COMMAND_EXECUTION]: The skill executes multiple internal Python scripts to handle automated browser interactions, keyword processing, and content generation tasks.
Audit Metadata