Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The script weibo_hot.py performs a GET request to https://weibo.com/ajax/side/hotSearch. Since weibo.com is not in the trusted domain whitelist (e.g., GitHub, PyPI), the network operation is flagged at a low severity. No sensitive local files, environment variables, or hardcoded credentials are accessed or transmitted.
- [PROMPT_INJECTION] (LOW): The skill exposes an indirect prompt injection surface because it processes untrusted external data from a social media API.
- Ingestion points: Data enters the system via the Weibo API in weibo_hot.py.
- Boundary markers: The script does not use delimiters or specific instructions to warn the agent about potentially malicious instructions hidden within the trending topics.
- Capability inventory: The script is limited to network reads and console output; it lacks dangerous capabilities such as file system writes, subprocess execution, or dynamic code evaluation.
- Sanitization: The incoming JSON data is parsed and formatted but not sanitized for instruction-like strings before being returned to the agent context.
Audit Metadata