byted-marketing-agent-trending-list
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to modify the host system by running 'apt update && apt install python3-venv -y'. This requires elevated privileges and changes the system-wide state to satisfy software dependencies.
- [EXTERNAL_DOWNLOADS]: The environment setup process involves downloading and installing the 'volcengine-python-sdk' package via pip. This is a legitimate dependency provided by the vendor (Bytedance) for accessing their cloud APIs.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by ingesting external data from Volcengine APIs.
  - Ingestion points: API results containing trending topic descriptions, event summaries, and analysis content (file: openapi_client.py).
  - Boundary markers: Data is presented within Markdown tables and sections in the instructions, but lacks explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill environment allows shell execution (bash) and Python script execution, providing a pathway if the agent is influenced by malicious data.
  - Sanitization: The script performs key-based filtering but does not sanitize or escape the content of the data fields before passing them to the agent context.
Audit Metadata