modao-capture
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function involves the agent executing a local Node.js script (
scripts/modao-capture.js) with user-supplied arguments via the bash tool. Executing local scripts can lead to arbitrary code execution on the host system. - [EXTERNAL_DOWNLOADS]: The environment setup requires running
npm install, which downloads third-party packages from the NPM registry. Because thepackage.jsonfile and its dependency list were not provided in the skill contents, these external dependencies cannot be verified for safety. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it scrapes content (page text and comments) from external Modao prototype links. Malicious instructions embedded in a prototype's metadata or comments could be processed by the agent in subsequent steps.
- Ingestion points: External Modao prototype URLs (
modao.cc) processed by thescripts/modao-capture.jsscript. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided documentation.
- Capability inventory: Ability to execute Node.js scripts, perform network requests (via Puppeteer), and write files to the local project directory.
- Sanitization: No evidence of input sanitization or safety filtering for the scraped external content before it is read by the agent.
Audit Metadata