agentbay-monitor-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [External Downloads] (MEDIUM): The skill requires 'wuying-agentbay-sdk', which is not from a trusted source (e.g., Anthropic, OpenAI, Microsoft). This presents a supply chain risk as the dependency's safety and integrity are unverified.
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted content crawled from various social media platforms without sanitization.
  - Ingestion points: Untrusted data is ingested in 'scripts/crawler/crawler.py' via 'self.adapter.session.file_system.read_file("/tmp/results.json")'.
  - Boundary markers: The 'scripts/sentiment/sentiment_instruction.md' file lacks delimiters or instructions to ignore embedded commands within the 'results' data.
  - Capability inventory: The agent has the capability to execute shell commands ('scripts/report.py', 'scripts/sentiment/write_processed.py') and manage API credentials.
  - Sanitization: No escaping or validation is applied to the 'title' or 'content' fields before they are analyzed by the LLM.
Audit Metadata