plurk
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Plurk, an external social network. Posts and responses retrieved from the API could contain hidden instructions aimed at manipulating agent behavior. * Ingestion points: Content is ingested through the
timeline,public-timeline, andresponsescommands inscripts/plurk.py. * Boundary markers: No explicit delimiters or instructions are used to separate external data from system prompts. * Capability inventory: The skill allows the agent to post responses back to the platform, creating a potential vector for automated propagation. * Sanitization: Retrieved content is passed directly to the agent without filtering or sanitization. - [COMMAND_EXECUTION]: Documentation provides examples of using
exec()within a Python one-liner command to perform base36 conversion. While the logic in the example is static, providing such patterns in documentation can lead to insecure implementations.
Audit Metadata