geo-agent
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to how it handles external data.
- Ingestion points:
scripts/competitor_research.pyfetches raw data from Baidu and Bing search results, andscripts/index_checker.pyingests responses from AI platforms. - Boundary markers: Absent. The
scripts/article_generator.pyscript interpolates raw competitor descriptions directly into the prompt without delimiters or instructions to ignore embedded commands. - Capability inventory: The skill has the capability to publish content to major social platforms (Zhihu, Baijiahao, Sohu, Toutiao) via
scripts/publisher.pyand interact with AI search engines. - Sanitization: No sanitization or filtering is performed on the scraped content before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill executes local Python scripts to automate its workflow.
- It utilizes
python3to run management, research, and reporting modules as subprocesses. - It uses
playwrightto automate browser interactions for login and publishing. - [EXTERNAL_DOWNLOADS]: Fetches browser binaries from the official Playwright repository.
- The installation process involves downloading necessary dependencies from Microsoft's Playwright infrastructure to enable browser automation.
Audit Metadata