Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Prompt Injection] (LOW): The skill processes external content from the Weibo API, which introduces a surface for indirect prompt injection.
  - Ingestion points: weibo_hot.py fetches data from https://weibo.com/ajax/side/hotSearch.
  - Boundary markers: Absent; external content is formatted directly into the agent's output context.
  - Capability inventory: The skill has no file-write, command execution, or dynamic code execution capabilities, limiting the potential impact of an injection.
  - Sanitization: No sanitization or filtering is performed on the fetched hot search words.
- [Data Exposure & Exfiltration] (LOW): The script performs network operations to a non-whitelisted external domain.
  - Evidence: requests.get call targeting weibo.com in weibo_hot.py.
  - Context: The network activity is necessary for the skill's documented functionality and does not involve the transmission of sensitive local data or hardcoded credentials.
Audit Metadata